popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

stealc.exe

Emotet Generic Malware Malicious Library ASPack UPX WinRAR dll ftp PE64 PE File DLL OS Processor Check PE32 MZP Format DllRegisterServer
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Feb. 7, 2025, 2:12 p.m. Feb. 7, 2025, 2:16 p.m.
Size 3.3MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 d38779b089440ccd9ca6120468528940
SHA256 ce6f6b28c7c9e687a2664d31f1e4719143f23d96118a072f2116c72ed95e7ec5
CRC32 6822EA73
ssdeep 98304:0qwgfBmTD4xP3U1LyH1lVcq/evD4QhLlZZt8sV:0qwY1xPWyVlOBL4wHz8U
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_WinRAR_SFX_Zero - Win32 WinRAR SFX
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb
section .didat
section _RDATA
resource name PNG
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\Electro\lunarian.ppt
file C:\Users\test22\AppData\Local\Temp\Electro\bassmix.dll
file C:\Users\test22\AppData\Local\Temp\Electro\basswma.dll
file C:\Users\test22\AppData\Local\Temp\Electro\bassenc_ogg.dll
file C:\Users\test22\AppData\Local\Temp\Electro\bass.dll
file C:\Users\test22\AppData\Local\Temp\Electro\bassenc.dll
file C:\Users\test22\AppData\Local\Temp\Electro\AudioGenie3.dll
file C:\Users\test22\AppData\Local\Temp\Electro\BatchFileConverter.exe
file C:\Users\test22\AppData\Local\Temp\Electro\bassenc_ogg.dll
file C:\Users\test22\AppData\Local\Temp\Electro\bassenc.dll
file C:\Users\test22\AppData\Local\Temp\Electro\BatchFileConverter.exe
file C:\Users\test22\AppData\Local\Temp\Electro\basswma.dll
file C:\Users\test22\AppData\Local\Temp\Electro\bass.dll
file C:\Users\test22\AppData\Local\Temp\Electro\AudioGenie3.dll
file C:\Users\test22\AppData\Local\Temp\Electro\bassmix.dll
Skyhigh BehavesLike.Win64.Generic.wc
Cylance Unsafe
CrowdStrike win/malicious_confidence_90% (W)
Elastic malicious (moderate confidence)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
McAfeeD ti!CE6F6B28C7C9
Kingsoft Win32.Trojan.Penguish.a
DeepInstinct MALICIOUS
file C:\Users\test22\AppData\Local\Temp\Electro\BatchFileConverter.exe