Report - 2.1.0ff.exe

Raccoon Stealer PE32 PE File
Created 2023.03.29 14:23
Machine s1_win7_x6403
Filename 2.1.0ff.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 7
Behavior Score 2.0
ZERO API file : malware
VT API (file) 45 detected (Raccoon, malicious, high confidence, Agiala, PasswordStealer, Veee, confidence, 100%, TrojanPSW, Attribute, HighConfidence, Kryptik, HTAJ, score, QQPass, QQRob, Zfow, Artemis, high, EncPk, AGEN, ai score=85, Wacatac, Detected, unsafe, UEeylJZ8YgL, susgen, Genetic)
md5 bc338e23e5411697561306eabb29bd9c
sha256 fc89f7167628e95935070f6a72c859da69a91655e72c4d8c8e31fbac73c2d379
ssdeep 1536:/ja4qX8uFJQvccqJ4QFn8XwcWwH7Yq8BG8TcdayFtvhV732+oOl8s4PBqZ1zObEg:/jYPQRQmr8YLNL6dzjPAvZjy5g
imphash 97d41417e1c898a9dc85fb4d98655fda
impfuzzy 3:sygWho3aAXwUgEJJ67aIdBA5bAJS9KTXzhAXwWBJAEPQLMAXZTA1LMRMExn:fZy3/JqAF7GDYBJAEYdTA1cL

Signature (3cnts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
info One or more processes crashed

Rules (3cnts)

Level Name Description Collection
danger Raccoon_Stealer_1_Zero Raccoon Stealer binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x41a008 LocalSize
 0x41a00c lstrlenA
 0x41a010 LocalAlloc
 0x41a014 IsBadCodePtr
 0x41a018 GetProcAddress
 0x41a01c LoadLibraryA
GDI32.dll
 0x41a000 GetDeviceCaps
ole32.dll
 0x41a024 CoInitialize

EAT(Export Address Table) is none


