ScreenShot
| Created | 2023.07.18 21:09 | Machine | s1_win7_x6401 |
| Filename | InvictaStealer.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 39 detected (Common, Zusy, GenericRXAA, PasswordStealer, Eldorado, Attribute, HighConfidence, malicious, high confidence, score, PWSX, Gencirc, AGEN, Mozaakai, Sysdupate, Detected, R568695, ai score=82, m459qOqnsqT, susgen) | ||
| md5 | bb3ca7c1c010c41508edcf5b15ef0995 | ||
| sha256 | 7a573ed881a8f248b0234dc96010900b78245416f5ccdaa28bf5601708b3fd6c | ||
| ssdeep | 24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtF:PBozBdhEV7q8bOQnIFWY+3Je0wt | ||
| imphash | 2d5aa2bacb12ffd10966c83ca6563356 | ||
| impfuzzy | 96:rcKLta776BF1oASO+c/n5BtYLKRLe0DaR6xhWRv2U5Nl7qP6i:oKLta7kFDtY2awWROANdi | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| watch | Queries information on disks |
| notice | A process attempted to delay the analysis task. |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
CRYPT32.dll
0x1401be068 CertFindCertificateInStore
0x1401be070 CertCloseStore
0x1401be078 CertEnumCertificatesInStore
0x1401be080 CertFreeCertificateContext
0x1401be088 PFXImportCertStore
0x1401be090 CryptDecodeObjectEx
0x1401be098 CertAddCertificateContextToStore
0x1401be0a0 CertFindExtension
0x1401be0a8 CryptStringToBinaryA
0x1401be0b0 CertGetNameStringA
0x1401be0b8 CryptQueryObject
0x1401be0c0 CertCreateCertificateChainEngine
0x1401be0c8 CertFreeCertificateChainEngine
0x1401be0d0 CertGetCertificateChain
0x1401be0d8 CertOpenStore
0x1401be0e0 CertFreeCertificateChain
KERNEL32.dll
0x1401be0f0 HeapSize
0x1401be0f8 MultiByteToWideChar
0x1401be100 GetTempPathA
0x1401be108 FormatMessageW
0x1401be110 GetDiskFreeSpaceA
0x1401be118 GetLastError
0x1401be120 GetFileAttributesA
0x1401be128 GetFileAttributesExW
0x1401be130 OutputDebugStringW
0x1401be138 FlushViewOfFile
0x1401be140 CreateFileA
0x1401be148 LoadLibraryA
0x1401be150 WaitForSingleObjectEx
0x1401be158 DeleteFileA
0x1401be160 DeleteFileW
0x1401be168 HeapReAlloc
0x1401be170 CloseHandle
0x1401be178 GetSystemInfo
0x1401be180 HeapAlloc
0x1401be188 HeapCompact
0x1401be190 HeapDestroy
0x1401be198 UnlockFile
0x1401be1a0 LocalFree
0x1401be1a8 LockFileEx
0x1401be1b0 GetFileSize
0x1401be1b8 DeleteCriticalSection
0x1401be1c0 GetCurrentProcessId
0x1401be1c8 GetProcessHeap
0x1401be1d0 SystemTimeToFileTime
0x1401be1d8 FreeLibrary
0x1401be1e0 WideCharToMultiByte
0x1401be1e8 GetSystemTimeAsFileTime
0x1401be1f0 GetSystemTime
0x1401be1f8 FormatMessageA
0x1401be200 CreateFileMappingW
0x1401be208 MapViewOfFile
0x1401be210 QueryPerformanceCounter
0x1401be218 GetTickCount
0x1401be220 FlushFileBuffers
0x1401be228 InitializeCriticalSectionEx
0x1401be230 SleepEx
0x1401be238 QueryPerformanceFrequency
0x1401be240 GetSystemDirectoryA
0x1401be248 GetModuleHandleA
0x1401be250 SetLastError
0x1401be258 MoveFileExA
0x1401be260 GetEnvironmentVariableA
0x1401be268 GetStdHandle
0x1401be270 GetFileType
0x1401be278 PeekNamedPipe
0x1401be280 WaitForMultipleObjects
0x1401be288 VerSetConditionMask
0x1401be290 VerifyVersionInfoA
0x1401be298 GetFileSizeEx
0x1401be2a0 FindFirstFileW
0x1401be2a8 FindNextFileW
0x1401be2b0 FindClose
0x1401be2b8 RaiseException
0x1401be2c0 DecodePointer
0x1401be2c8 GetCurrentThreadId
0x1401be2d0 WriteConsoleW
0x1401be2d8 SetEnvironmentVariableW
0x1401be2e0 FreeEnvironmentStringsW
0x1401be2e8 GetFileAttributesW
0x1401be2f0 CreateFileW
0x1401be2f8 WaitForSingleObject
0x1401be300 CreateMutexW
0x1401be308 GetTempPathW
0x1401be310 UnlockFileEx
0x1401be318 SetEndOfFile
0x1401be320 GetFullPathNameA
0x1401be328 SetFilePointer
0x1401be330 InitializeCriticalSection
0x1401be338 LeaveCriticalSection
0x1401be340 LockFile
0x1401be348 GetEnvironmentStringsW
0x1401be350 GetCommandLineW
0x1401be358 GetCommandLineA
0x1401be360 GetOEMCP
0x1401be368 GetACP
0x1401be370 IsValidCodePage
0x1401be378 HeapValidate
0x1401be380 SetStdHandle
0x1401be388 GetCurrentDirectoryW
0x1401be390 GetTimeZoneInformation
0x1401be398 EnumSystemLocalesW
0x1401be3a0 GetUserDefaultLCID
0x1401be3a8 IsValidLocale
0x1401be3b0 GetLocaleInfoW
0x1401be3b8 LCMapStringW
0x1401be3c0 CompareStringW
0x1401be3c8 GetConsoleOutputCP
0x1401be3d0 ReadConsoleW
0x1401be3d8 GetConsoleMode
0x1401be3e0 GetModuleFileNameW
0x1401be3e8 FileTimeToSystemTime
0x1401be3f0 SystemTimeToTzSpecificLocalTime
0x1401be3f8 GetFileInformationByHandle
0x1401be400 GetDriveTypeW
0x1401be408 ExitProcess
0x1401be410 GetModuleHandleExW
0x1401be418 FreeLibraryAndExitThread
0x1401be420 ExitThread
0x1401be428 CreateThread
0x1401be430 LoadLibraryExW
0x1401be438 TlsFree
0x1401be440 TlsSetValue
0x1401be448 TlsGetValue
0x1401be450 TlsAlloc
0x1401be458 RtlPcToFileHeader
0x1401be460 InterlockedPushEntrySList
0x1401be468 RtlUnwindEx
0x1401be470 GetStartupInfoW
0x1401be478 IsDebuggerPresent
0x1401be480 IsProcessorFeaturePresent
0x1401be488 TerminateProcess
0x1401be490 RtlUnwind
0x1401be498 GetCurrentProcess
0x1401be4a0 SetUnhandledExceptionFilter
0x1401be4a8 UnhandledExceptionFilter
0x1401be4b0 RtlVirtualUnwind
0x1401be4b8 RtlLookupFunctionEntry
0x1401be4c0 RtlCaptureContext
0x1401be4c8 CreateEventW
0x1401be4d0 ResetEvent
0x1401be4d8 SetEvent
0x1401be4e0 InitializeCriticalSectionAndSpinCount
0x1401be4e8 InitializeSListHead
0x1401be4f0 GetCPInfo
0x1401be4f8 GetStringTypeW
0x1401be500 LCMapStringEx
0x1401be508 EncodePointer
0x1401be510 GetModuleHandleW
0x1401be518 OutputDebugStringA
0x1401be520 GetDiskFreeSpaceW
0x1401be528 WriteFile
0x1401be530 GetFullPathNameW
0x1401be538 EnterCriticalSection
0x1401be540 HeapFree
0x1401be548 HeapCreate
0x1401be550 TryEnterCriticalSection
0x1401be558 ReadFile
0x1401be560 AreFileApisANSI
0x1401be568 Sleep
0x1401be570 GetProcAddress
0x1401be578 LoadLibraryW
0x1401be580 FindFirstFileExW
0x1401be588 UnmapViewOfFile
0x1401be590 MoveFileExW
0x1401be598 SetFileAttributesW
0x1401be5a0 GetFileTime
0x1401be5a8 SetFilePointerEx
0x1401be5b0 InitializeSRWLock
0x1401be5b8 ReleaseSRWLockExclusive
0x1401be5c0 AcquireSRWLockExclusive
0x1401be5c8 GetExitCodeThread
USER32.dll
0x1401be600 GetCursorPos
ADVAPI32.dll
0x1401be000 CryptCreateHash
0x1401be008 RegCloseKey
0x1401be010 CryptAcquireContextA
0x1401be018 CryptReleaseContext
0x1401be020 CryptGetHashParam
0x1401be028 CryptGenRandom
0x1401be030 CryptHashData
0x1401be038 CryptDestroyHash
0x1401be040 CryptDestroyKey
0x1401be048 CryptImportKey
0x1401be050 CryptEncrypt
0x1401be058 GetSecurityInfo
SHELL32.dll
0x1401be5e8 SHGetKnownFolderPath
0x1401be5f0 SHGetFolderPathW
ole32.dll
0x1401be828 CoCreateInstance
0x1401be830 CoUninitialize
0x1401be838 CoTaskMemFree
0x1401be840 CoInitialize
crypt.dll
0x1401be7b8 BCryptGenerateSymmetricKey
0x1401be7c0 BCryptDestroyKey
0x1401be7c8 BCryptSetProperty
0x1401be7d0 BCryptGetProperty
0x1401be7d8 BCryptOpenAlgorithmProvider
0x1401be7e0 BCryptCloseAlgorithmProvider
0x1401be7e8 BCryptEncrypt
0x1401be7f0 BCryptDeriveKeyPBKDF2
0x1401be7f8 BCryptCreateHash
0x1401be800 BCryptGenRandom
0x1401be808 BCryptDestroyHash
0x1401be810 BCryptHashData
0x1401be818 BCryptFinishHash
WS2_32.dll
0x1401be6a8 WSACloseEvent
0x1401be6b0 WSAEnumNetworkEvents
0x1401be6b8 getaddrinfo
0x1401be6c0 ioctlsocket
0x1401be6c8 listen
0x1401be6d0 htonl
0x1401be6d8 accept
0x1401be6e0 select
0x1401be6e8 __WSAFDIsSet
0x1401be6f0 WSACleanup
0x1401be6f8 WSAStartup
0x1401be700 WSAIoctl
0x1401be708 WSASetLastError
0x1401be710 socket
0x1401be718 setsockopt
0x1401be720 ntohs
0x1401be728 htons
0x1401be730 getsockopt
0x1401be738 getsockname
0x1401be740 getpeername
0x1401be748 connect
0x1401be750 ind
0x1401be758 closesocket
0x1401be760 WSAGetLastError
0x1401be768 send
0x1401be770 recv
0x1401be778 WSAEventSelect
0x1401be780 recvfrom
0x1401be788 sendto
0x1401be790 gethostname
0x1401be798 ntohl
0x1401be7a0 freeaddrinfo
0x1401be7a8 WSACreateEvent
Normaliz.dll
0x1401be5d8 IdnToAscii
WLDAP32.dll
0x1401be610 None
0x1401be618 None
0x1401be620 None
0x1401be628 None
0x1401be630 None
0x1401be638 None
0x1401be640 None
0x1401be648 None
0x1401be650 None
0x1401be658 None
0x1401be660 None
0x1401be668 None
0x1401be670 None
0x1401be678 None
0x1401be680 None
0x1401be688 None
0x1401be690 None
0x1401be698 None
EAT(Export Address Table) is none
CRYPT32.dll
0x1401be068 CertFindCertificateInStore
0x1401be070 CertCloseStore
0x1401be078 CertEnumCertificatesInStore
0x1401be080 CertFreeCertificateContext
0x1401be088 PFXImportCertStore
0x1401be090 CryptDecodeObjectEx
0x1401be098 CertAddCertificateContextToStore
0x1401be0a0 CertFindExtension
0x1401be0a8 CryptStringToBinaryA
0x1401be0b0 CertGetNameStringA
0x1401be0b8 CryptQueryObject
0x1401be0c0 CertCreateCertificateChainEngine
0x1401be0c8 CertFreeCertificateChainEngine
0x1401be0d0 CertGetCertificateChain
0x1401be0d8 CertOpenStore
0x1401be0e0 CertFreeCertificateChain
KERNEL32.dll
0x1401be0f0 HeapSize
0x1401be0f8 MultiByteToWideChar
0x1401be100 GetTempPathA
0x1401be108 FormatMessageW
0x1401be110 GetDiskFreeSpaceA
0x1401be118 GetLastError
0x1401be120 GetFileAttributesA
0x1401be128 GetFileAttributesExW
0x1401be130 OutputDebugStringW
0x1401be138 FlushViewOfFile
0x1401be140 CreateFileA
0x1401be148 LoadLibraryA
0x1401be150 WaitForSingleObjectEx
0x1401be158 DeleteFileA
0x1401be160 DeleteFileW
0x1401be168 HeapReAlloc
0x1401be170 CloseHandle
0x1401be178 GetSystemInfo
0x1401be180 HeapAlloc
0x1401be188 HeapCompact
0x1401be190 HeapDestroy
0x1401be198 UnlockFile
0x1401be1a0 LocalFree
0x1401be1a8 LockFileEx
0x1401be1b0 GetFileSize
0x1401be1b8 DeleteCriticalSection
0x1401be1c0 GetCurrentProcessId
0x1401be1c8 GetProcessHeap
0x1401be1d0 SystemTimeToFileTime
0x1401be1d8 FreeLibrary
0x1401be1e0 WideCharToMultiByte
0x1401be1e8 GetSystemTimeAsFileTime
0x1401be1f0 GetSystemTime
0x1401be1f8 FormatMessageA
0x1401be200 CreateFileMappingW
0x1401be208 MapViewOfFile
0x1401be210 QueryPerformanceCounter
0x1401be218 GetTickCount
0x1401be220 FlushFileBuffers
0x1401be228 InitializeCriticalSectionEx
0x1401be230 SleepEx
0x1401be238 QueryPerformanceFrequency
0x1401be240 GetSystemDirectoryA
0x1401be248 GetModuleHandleA
0x1401be250 SetLastError
0x1401be258 MoveFileExA
0x1401be260 GetEnvironmentVariableA
0x1401be268 GetStdHandle
0x1401be270 GetFileType
0x1401be278 PeekNamedPipe
0x1401be280 WaitForMultipleObjects
0x1401be288 VerSetConditionMask
0x1401be290 VerifyVersionInfoA
0x1401be298 GetFileSizeEx
0x1401be2a0 FindFirstFileW
0x1401be2a8 FindNextFileW
0x1401be2b0 FindClose
0x1401be2b8 RaiseException
0x1401be2c0 DecodePointer
0x1401be2c8 GetCurrentThreadId
0x1401be2d0 WriteConsoleW
0x1401be2d8 SetEnvironmentVariableW
0x1401be2e0 FreeEnvironmentStringsW
0x1401be2e8 GetFileAttributesW
0x1401be2f0 CreateFileW
0x1401be2f8 WaitForSingleObject
0x1401be300 CreateMutexW
0x1401be308 GetTempPathW
0x1401be310 UnlockFileEx
0x1401be318 SetEndOfFile
0x1401be320 GetFullPathNameA
0x1401be328 SetFilePointer
0x1401be330 InitializeCriticalSection
0x1401be338 LeaveCriticalSection
0x1401be340 LockFile
0x1401be348 GetEnvironmentStringsW
0x1401be350 GetCommandLineW
0x1401be358 GetCommandLineA
0x1401be360 GetOEMCP
0x1401be368 GetACP
0x1401be370 IsValidCodePage
0x1401be378 HeapValidate
0x1401be380 SetStdHandle
0x1401be388 GetCurrentDirectoryW
0x1401be390 GetTimeZoneInformation
0x1401be398 EnumSystemLocalesW
0x1401be3a0 GetUserDefaultLCID
0x1401be3a8 IsValidLocale
0x1401be3b0 GetLocaleInfoW
0x1401be3b8 LCMapStringW
0x1401be3c0 CompareStringW
0x1401be3c8 GetConsoleOutputCP
0x1401be3d0 ReadConsoleW
0x1401be3d8 GetConsoleMode
0x1401be3e0 GetModuleFileNameW
0x1401be3e8 FileTimeToSystemTime
0x1401be3f0 SystemTimeToTzSpecificLocalTime
0x1401be3f8 GetFileInformationByHandle
0x1401be400 GetDriveTypeW
0x1401be408 ExitProcess
0x1401be410 GetModuleHandleExW
0x1401be418 FreeLibraryAndExitThread
0x1401be420 ExitThread
0x1401be428 CreateThread
0x1401be430 LoadLibraryExW
0x1401be438 TlsFree
0x1401be440 TlsSetValue
0x1401be448 TlsGetValue
0x1401be450 TlsAlloc
0x1401be458 RtlPcToFileHeader
0x1401be460 InterlockedPushEntrySList
0x1401be468 RtlUnwindEx
0x1401be470 GetStartupInfoW
0x1401be478 IsDebuggerPresent
0x1401be480 IsProcessorFeaturePresent
0x1401be488 TerminateProcess
0x1401be490 RtlUnwind
0x1401be498 GetCurrentProcess
0x1401be4a0 SetUnhandledExceptionFilter
0x1401be4a8 UnhandledExceptionFilter
0x1401be4b0 RtlVirtualUnwind
0x1401be4b8 RtlLookupFunctionEntry
0x1401be4c0 RtlCaptureContext
0x1401be4c8 CreateEventW
0x1401be4d0 ResetEvent
0x1401be4d8 SetEvent
0x1401be4e0 InitializeCriticalSectionAndSpinCount
0x1401be4e8 InitializeSListHead
0x1401be4f0 GetCPInfo
0x1401be4f8 GetStringTypeW
0x1401be500 LCMapStringEx
0x1401be508 EncodePointer
0x1401be510 GetModuleHandleW
0x1401be518 OutputDebugStringA
0x1401be520 GetDiskFreeSpaceW
0x1401be528 WriteFile
0x1401be530 GetFullPathNameW
0x1401be538 EnterCriticalSection
0x1401be540 HeapFree
0x1401be548 HeapCreate
0x1401be550 TryEnterCriticalSection
0x1401be558 ReadFile
0x1401be560 AreFileApisANSI
0x1401be568 Sleep
0x1401be570 GetProcAddress
0x1401be578 LoadLibraryW
0x1401be580 FindFirstFileExW
0x1401be588 UnmapViewOfFile
0x1401be590 MoveFileExW
0x1401be598 SetFileAttributesW
0x1401be5a0 GetFileTime
0x1401be5a8 SetFilePointerEx
0x1401be5b0 InitializeSRWLock
0x1401be5b8 ReleaseSRWLockExclusive
0x1401be5c0 AcquireSRWLockExclusive
0x1401be5c8 GetExitCodeThread
USER32.dll
0x1401be600 GetCursorPos
ADVAPI32.dll
0x1401be000 CryptCreateHash
0x1401be008 RegCloseKey
0x1401be010 CryptAcquireContextA
0x1401be018 CryptReleaseContext
0x1401be020 CryptGetHashParam
0x1401be028 CryptGenRandom
0x1401be030 CryptHashData
0x1401be038 CryptDestroyHash
0x1401be040 CryptDestroyKey
0x1401be048 CryptImportKey
0x1401be050 CryptEncrypt
0x1401be058 GetSecurityInfo
SHELL32.dll
0x1401be5e8 SHGetKnownFolderPath
0x1401be5f0 SHGetFolderPathW
ole32.dll
0x1401be828 CoCreateInstance
0x1401be830 CoUninitialize
0x1401be838 CoTaskMemFree
0x1401be840 CoInitialize
crypt.dll
0x1401be7b8 BCryptGenerateSymmetricKey
0x1401be7c0 BCryptDestroyKey
0x1401be7c8 BCryptSetProperty
0x1401be7d0 BCryptGetProperty
0x1401be7d8 BCryptOpenAlgorithmProvider
0x1401be7e0 BCryptCloseAlgorithmProvider
0x1401be7e8 BCryptEncrypt
0x1401be7f0 BCryptDeriveKeyPBKDF2
0x1401be7f8 BCryptCreateHash
0x1401be800 BCryptGenRandom
0x1401be808 BCryptDestroyHash
0x1401be810 BCryptHashData
0x1401be818 BCryptFinishHash
WS2_32.dll
0x1401be6a8 WSACloseEvent
0x1401be6b0 WSAEnumNetworkEvents
0x1401be6b8 getaddrinfo
0x1401be6c0 ioctlsocket
0x1401be6c8 listen
0x1401be6d0 htonl
0x1401be6d8 accept
0x1401be6e0 select
0x1401be6e8 __WSAFDIsSet
0x1401be6f0 WSACleanup
0x1401be6f8 WSAStartup
0x1401be700 WSAIoctl
0x1401be708 WSASetLastError
0x1401be710 socket
0x1401be718 setsockopt
0x1401be720 ntohs
0x1401be728 htons
0x1401be730 getsockopt
0x1401be738 getsockname
0x1401be740 getpeername
0x1401be748 connect
0x1401be750 ind
0x1401be758 closesocket
0x1401be760 WSAGetLastError
0x1401be768 send
0x1401be770 recv
0x1401be778 WSAEventSelect
0x1401be780 recvfrom
0x1401be788 sendto
0x1401be790 gethostname
0x1401be798 ntohl
0x1401be7a0 freeaddrinfo
0x1401be7a8 WSACreateEvent
Normaliz.dll
0x1401be5d8 IdnToAscii
WLDAP32.dll
0x1401be610 None
0x1401be618 None
0x1401be620 None
0x1401be628 None
0x1401be630 None
0x1401be638 None
0x1401be640 None
0x1401be648 None
0x1401be650 None
0x1401be658 None
0x1401be660 None
0x1401be668 None
0x1401be670 None
0x1401be678 None
0x1401be680 None
0x1401be688 None
0x1401be690 None
0x1401be698 None
EAT(Export Address Table) is none