Report - InvictaStealer.exe

UPX Malicious Library OS Processor Check PE64 PE File
ScreenShot
Created 2023.07.18 21:09 Machine s1_win7_x6401
Filename InvictaStealer.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score
6
Behavior Score
2.2
ZERO API
VT API (file) 39 detected (Common, Zusy, GenericRXAA, PasswordStealer, Eldorado, Attribute, HighConfidence, malicious, high confidence, score, PWSX, Gencirc, AGEN, Mozaakai, Sysdupate, Detected, R568695, ai score=82, m459qOqnsqT, susgen)
md5 bb3ca7c1c010c41508edcf5b15ef0995
sha256 7a573ed881a8f248b0234dc96010900b78245416f5ccdaa28bf5601708b3fd6c
ssdeep 24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtF:PBozBdhEV7q8bOQnIFWY+3Je0wt
imphash 2d5aa2bacb12ffd10966c83ca6563356
impfuzzy 96:rcKLta776BF1oASO+c/n5BtYLKRLe0DaR6xhWRv2U5Nl7qP6i:oKLta7kFDtY2awWROANdi
  Network IP location

Signature (4cnts)

Level Description
danger File has been identified by 39 AntiVirus engines on VirusTotal as malicious
watch Queries information on disks
notice A process attempted to delay the analysis task.
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

CRYPT32.dll
 0x1401be068 CertFindCertificateInStore
 0x1401be070 CertCloseStore
 0x1401be078 CertEnumCertificatesInStore
 0x1401be080 CertFreeCertificateContext
 0x1401be088 PFXImportCertStore
 0x1401be090 CryptDecodeObjectEx
 0x1401be098 CertAddCertificateContextToStore
 0x1401be0a0 CertFindExtension
 0x1401be0a8 CryptStringToBinaryA
 0x1401be0b0 CertGetNameStringA
 0x1401be0b8 CryptQueryObject
 0x1401be0c0 CertCreateCertificateChainEngine
 0x1401be0c8 CertFreeCertificateChainEngine
 0x1401be0d0 CertGetCertificateChain
 0x1401be0d8 CertOpenStore
 0x1401be0e0 CertFreeCertificateChain
KERNEL32.dll
 0x1401be0f0 HeapSize
 0x1401be0f8 MultiByteToWideChar
 0x1401be100 GetTempPathA
 0x1401be108 FormatMessageW
 0x1401be110 GetDiskFreeSpaceA
 0x1401be118 GetLastError
 0x1401be120 GetFileAttributesA
 0x1401be128 GetFileAttributesExW
 0x1401be130 OutputDebugStringW
 0x1401be138 FlushViewOfFile
 0x1401be140 CreateFileA
 0x1401be148 LoadLibraryA
 0x1401be150 WaitForSingleObjectEx
 0x1401be158 DeleteFileA
 0x1401be160 DeleteFileW
 0x1401be168 HeapReAlloc
 0x1401be170 CloseHandle
 0x1401be178 GetSystemInfo
 0x1401be180 HeapAlloc
 0x1401be188 HeapCompact
 0x1401be190 HeapDestroy
 0x1401be198 UnlockFile
 0x1401be1a0 LocalFree
 0x1401be1a8 LockFileEx
 0x1401be1b0 GetFileSize
 0x1401be1b8 DeleteCriticalSection
 0x1401be1c0 GetCurrentProcessId
 0x1401be1c8 GetProcessHeap
 0x1401be1d0 SystemTimeToFileTime
 0x1401be1d8 FreeLibrary
 0x1401be1e0 WideCharToMultiByte
 0x1401be1e8 GetSystemTimeAsFileTime
 0x1401be1f0 GetSystemTime
 0x1401be1f8 FormatMessageA
 0x1401be200 CreateFileMappingW
 0x1401be208 MapViewOfFile
 0x1401be210 QueryPerformanceCounter
 0x1401be218 GetTickCount
 0x1401be220 FlushFileBuffers
 0x1401be228 InitializeCriticalSectionEx
 0x1401be230 SleepEx
 0x1401be238 QueryPerformanceFrequency
 0x1401be240 GetSystemDirectoryA
 0x1401be248 GetModuleHandleA
 0x1401be250 SetLastError
 0x1401be258 MoveFileExA
 0x1401be260 GetEnvironmentVariableA
 0x1401be268 GetStdHandle
 0x1401be270 GetFileType
 0x1401be278 PeekNamedPipe
 0x1401be280 WaitForMultipleObjects
 0x1401be288 VerSetConditionMask
 0x1401be290 VerifyVersionInfoA
 0x1401be298 GetFileSizeEx
 0x1401be2a0 FindFirstFileW
 0x1401be2a8 FindNextFileW
 0x1401be2b0 FindClose
 0x1401be2b8 RaiseException
 0x1401be2c0 DecodePointer
 0x1401be2c8 GetCurrentThreadId
 0x1401be2d0 WriteConsoleW
 0x1401be2d8 SetEnvironmentVariableW
 0x1401be2e0 FreeEnvironmentStringsW
 0x1401be2e8 GetFileAttributesW
 0x1401be2f0 CreateFileW
 0x1401be2f8 WaitForSingleObject
 0x1401be300 CreateMutexW
 0x1401be308 GetTempPathW
 0x1401be310 UnlockFileEx
 0x1401be318 SetEndOfFile
 0x1401be320 GetFullPathNameA
 0x1401be328 SetFilePointer
 0x1401be330 InitializeCriticalSection
 0x1401be338 LeaveCriticalSection
 0x1401be340 LockFile
 0x1401be348 GetEnvironmentStringsW
 0x1401be350 GetCommandLineW
 0x1401be358 GetCommandLineA
 0x1401be360 GetOEMCP
 0x1401be368 GetACP
 0x1401be370 IsValidCodePage
 0x1401be378 HeapValidate
 0x1401be380 SetStdHandle
 0x1401be388 GetCurrentDirectoryW
 0x1401be390 GetTimeZoneInformation
 0x1401be398 EnumSystemLocalesW
 0x1401be3a0 GetUserDefaultLCID
 0x1401be3a8 IsValidLocale
 0x1401be3b0 GetLocaleInfoW
 0x1401be3b8 LCMapStringW
 0x1401be3c0 CompareStringW
 0x1401be3c8 GetConsoleOutputCP
 0x1401be3d0 ReadConsoleW
 0x1401be3d8 GetConsoleMode
 0x1401be3e0 GetModuleFileNameW
 0x1401be3e8 FileTimeToSystemTime
 0x1401be3f0 SystemTimeToTzSpecificLocalTime
 0x1401be3f8 GetFileInformationByHandle
 0x1401be400 GetDriveTypeW
 0x1401be408 ExitProcess
 0x1401be410 GetModuleHandleExW
 0x1401be418 FreeLibraryAndExitThread
 0x1401be420 ExitThread
 0x1401be428 CreateThread
 0x1401be430 LoadLibraryExW
 0x1401be438 TlsFree
 0x1401be440 TlsSetValue
 0x1401be448 TlsGetValue
 0x1401be450 TlsAlloc
 0x1401be458 RtlPcToFileHeader
 0x1401be460 InterlockedPushEntrySList
 0x1401be468 RtlUnwindEx
 0x1401be470 GetStartupInfoW
 0x1401be478 IsDebuggerPresent
 0x1401be480 IsProcessorFeaturePresent
 0x1401be488 TerminateProcess
 0x1401be490 RtlUnwind
 0x1401be498 GetCurrentProcess
 0x1401be4a0 SetUnhandledExceptionFilter
 0x1401be4a8 UnhandledExceptionFilter
 0x1401be4b0 RtlVirtualUnwind
 0x1401be4b8 RtlLookupFunctionEntry
 0x1401be4c0 RtlCaptureContext
 0x1401be4c8 CreateEventW
 0x1401be4d0 ResetEvent
 0x1401be4d8 SetEvent
 0x1401be4e0 InitializeCriticalSectionAndSpinCount
 0x1401be4e8 InitializeSListHead
 0x1401be4f0 GetCPInfo
 0x1401be4f8 GetStringTypeW
 0x1401be500 LCMapStringEx
 0x1401be508 EncodePointer
 0x1401be510 GetModuleHandleW
 0x1401be518 OutputDebugStringA
 0x1401be520 GetDiskFreeSpaceW
 0x1401be528 WriteFile
 0x1401be530 GetFullPathNameW
 0x1401be538 EnterCriticalSection
 0x1401be540 HeapFree
 0x1401be548 HeapCreate
 0x1401be550 TryEnterCriticalSection
 0x1401be558 ReadFile
 0x1401be560 AreFileApisANSI
 0x1401be568 Sleep
 0x1401be570 GetProcAddress
 0x1401be578 LoadLibraryW
 0x1401be580 FindFirstFileExW
 0x1401be588 UnmapViewOfFile
 0x1401be590 MoveFileExW
 0x1401be598 SetFileAttributesW
 0x1401be5a0 GetFileTime
 0x1401be5a8 SetFilePointerEx
 0x1401be5b0 InitializeSRWLock
 0x1401be5b8 ReleaseSRWLockExclusive
 0x1401be5c0 AcquireSRWLockExclusive
 0x1401be5c8 GetExitCodeThread
USER32.dll
 0x1401be600 GetCursorPos
ADVAPI32.dll
 0x1401be000 CryptCreateHash
 0x1401be008 RegCloseKey
 0x1401be010 CryptAcquireContextA
 0x1401be018 CryptReleaseContext
 0x1401be020 CryptGetHashParam
 0x1401be028 CryptGenRandom
 0x1401be030 CryptHashData
 0x1401be038 CryptDestroyHash
 0x1401be040 CryptDestroyKey
 0x1401be048 CryptImportKey
 0x1401be050 CryptEncrypt
 0x1401be058 GetSecurityInfo
SHELL32.dll
 0x1401be5e8 SHGetKnownFolderPath
 0x1401be5f0 SHGetFolderPathW
ole32.dll
 0x1401be828 CoCreateInstance
 0x1401be830 CoUninitialize
 0x1401be838 CoTaskMemFree
 0x1401be840 CoInitialize
crypt.dll
 0x1401be7b8 BCryptGenerateSymmetricKey
 0x1401be7c0 BCryptDestroyKey
 0x1401be7c8 BCryptSetProperty
 0x1401be7d0 BCryptGetProperty
 0x1401be7d8 BCryptOpenAlgorithmProvider
 0x1401be7e0 BCryptCloseAlgorithmProvider
 0x1401be7e8 BCryptEncrypt
 0x1401be7f0 BCryptDeriveKeyPBKDF2
 0x1401be7f8 BCryptCreateHash
 0x1401be800 BCryptGenRandom
 0x1401be808 BCryptDestroyHash
 0x1401be810 BCryptHashData
 0x1401be818 BCryptFinishHash
WS2_32.dll
 0x1401be6a8 WSACloseEvent
 0x1401be6b0 WSAEnumNetworkEvents
 0x1401be6b8 getaddrinfo
 0x1401be6c0 ioctlsocket
 0x1401be6c8 listen
 0x1401be6d0 htonl
 0x1401be6d8 accept
 0x1401be6e0 select
 0x1401be6e8 __WSAFDIsSet
 0x1401be6f0 WSACleanup
 0x1401be6f8 WSAStartup
 0x1401be700 WSAIoctl
 0x1401be708 WSASetLastError
 0x1401be710 socket
 0x1401be718 setsockopt
 0x1401be720 ntohs
 0x1401be728 htons
 0x1401be730 getsockopt
 0x1401be738 getsockname
 0x1401be740 getpeername
 0x1401be748 connect
 0x1401be750 ind
 0x1401be758 closesocket
 0x1401be760 WSAGetLastError
 0x1401be768 send
 0x1401be770 recv
 0x1401be778 WSAEventSelect
 0x1401be780 recvfrom
 0x1401be788 sendto
 0x1401be790 gethostname
 0x1401be798 ntohl
 0x1401be7a0 freeaddrinfo
 0x1401be7a8 WSACreateEvent
Normaliz.dll
 0x1401be5d8 IdnToAscii
WLDAP32.dll
 0x1401be610 None
 0x1401be618 None
 0x1401be620 None
 0x1401be628 None
 0x1401be630 None
 0x1401be638 None
 0x1401be640 None
 0x1401be648 None
 0x1401be650 None
 0x1401be658 None
 0x1401be660 None
 0x1401be668 None
 0x1401be670 None
 0x1401be678 None
 0x1401be680 None
 0x1401be688 None
 0x1401be690 None
 0x1401be698 None

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure