Report - StealerClient_Cpp.exe

Tags: Malicious Library, UPX, Malicious Packer, PE File, PE32, OS Processor Check
Created 2023.09.30 13:21 Machine s1_win7_x6401
Filename StealerClient_Cpp.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 1.2
ZERO API file: malware
VT API (file) 56 detected (AIDetectMalware, RisePro, malicious, high confidence, Doina, Artemis, PasswordStealer, V5om, TrojanPSW, confidence, 100%, ZexaF, ov0@a8wRi2ok, Genus, ABRisk, BOAK, Attribute, HighConfidence, ADVG, MalwareX, Gencirc, elloe, PRIVATELOADER, YXDI1Z, score, Static AI, Suspicious PE, Detected, ai score=84, GrayWare, Wacapew, Znyonm, R606193, BScope, unsafe, Chgt, CLASSIC, susgen)
md5 e6692c8fef5862964a4a82d5c58ba709
sha256 9869bb41ffe09d22186b35318067780a764c929ef94823fc21c5093520bcf9a3
ssdeep 24576:G1vuE03HfGvF4TLt7oj7v0zvr3974W1PbijMT6YFbs7pmqBTxV81GFbwzFVc+:+6XfGvW17iWbijMeYFbs70qBT81GFbwx
imphash b625b0422748e8ddd8a2e69ebe413b45
impfuzzy 96:WEiYkmaiyPc+p7tGOWqQcfwMmGGBWkOMLNcTiXE9n:xirmfctGH3WAtI

Signature (1cnts)

Level Description
danger File has been identified by 56 AntiVirus engines on VirusTotal as malicious

Rules (6cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x4fd054 GetLocaleInfoA
 0x4fd058 OpenProcess
 0x4fd05c CreateToolhelp32Snapshot
 0x4fd060 MultiByteToWideChar
 0x4fd064 Sleep
 0x4fd068 GetTempPathA
 0x4fd06c GetModuleHandleExA
 0x4fd070 GetTimeZoneInformation
 0x4fd074 GetTickCount64
 0x4fd078 CopyFileA
 0x4fd07c GetLastError
 0x4fd080 GetFileAttributesA
 0x4fd084 TzSpecificLocalTimeToSystemTime
 0x4fd088 CreateFileA
 0x4fd08c SetEvent
 0x4fd090 TerminateThread
 0x4fd094 LoadLibraryA
 0x4fd098 GetVersionExA
 0x4fd09c DeleteFileA
 0x4fd0a0 Process32Next
 0x4fd0a4 CloseHandle
 0x4fd0a8 GetSystemInfo
 0x4fd0ac CreateThread
 0x4fd0b0 ResetEvent
 0x4fd0b4 GetWindowsDirectoryA
 0x4fd0b8 HeapAlloc
 0x4fd0bc SetFileAttributesA
 0x4fd0c0 GetLocalTime
 0x4fd0c4 GetProcAddress
 0x4fd0c8 LocalFree
 0x4fd0cc IsProcessorFeaturePresent
 0x4fd0d0 GetFileSize
 0x4fd0d4 RemoveDirectoryA
 0x4fd0d8 ExitProcess
 0x4fd0dc GetCurrentProcessId
 0x4fd0e0 GetProcessHeap
 0x4fd0e4 GlobalMemoryStatusEx
 0x4fd0e8 FreeLibrary
 0x4fd0ec WideCharToMultiByte
 0x4fd0f0 CreateProcessA
 0x4fd0f4 CreateDirectoryA
 0x4fd0f8 GetSystemTime
 0x4fd0fc CreateEventA
 0x4fd100 GetModuleHandleA
 0x4fd104 GetPrivateProfileStringA
 0x4fd108 IsWow64Process
 0x4fd10c IsDebuggerPresent
 0x4fd110 GetComputerNameA
 0x4fd114 SetUnhandledExceptionFilter
 0x4fd118 lstrcatA
 0x4fd11c lstrcpyA
 0x4fd120 lstrcpynA
 0x4fd124 SetFilePointer
 0x4fd128 lstrlenA
 0x4fd12c AreFileApisANSI
 0x4fd130 EnterCriticalSection
 0x4fd134 GetFullPathNameW
 0x4fd138 GetDiskFreeSpaceW
 0x4fd13c LockFile
 0x4fd140 LeaveCriticalSection
 0x4fd144 InitializeCriticalSection
 0x4fd148 GetFullPathNameA
 0x4fd14c SetEndOfFile
 0x4fd150 GetTempPathW
 0x4fd154 GetFileAttributesW
 0x4fd158 FormatMessageW
 0x4fd15c GetDiskFreeSpaceA
 0x4fd160 DeleteFileW
 0x4fd164 UnlockFile
 0x4fd168 LockFileEx
 0x4fd16c DeleteCriticalSection
 0x4fd170 GetSystemTimeAsFileTime
 0x4fd174 FormatMessageA
 0x4fd178 QueryPerformanceCounter
 0x4fd17c GetTickCount
 0x4fd180 FlushFileBuffers
 0x4fd184 WriteConsoleW
 0x4fd188 HeapSize
 0x4fd18c SetEnvironmentVariableW
 0x4fd190 FreeEnvironmentStringsW
 0x4fd194 GetEnvironmentStringsW
 0x4fd198 GetCommandLineW
 0x4fd19c GetCommandLineA
 0x4fd1a0 GetOEMCP
 0x4fd1a4 GetACP
 0x4fd1a8 IsValidCodePage
 0x4fd1ac GetCurrentThreadId
 0x4fd1b0 LocalAlloc
 0x4fd1b4 WaitForSingleObject
 0x4fd1b8 GetVolumeInformationA
 0x4fd1bc FindClose
 0x4fd1c0 InitializeCriticalSectionEx
 0x4fd1c4 FindNextFileA
 0x4fd1c8 GetUserDefaultLocaleName
 0x4fd1cc TerminateProcess
 0x4fd1d0 WriteFile
 0x4fd1d4 GetCurrentProcess
 0x4fd1d8 HeapFree
 0x4fd1dc FindFirstFileA
 0x4fd1e0 Process32First
 0x4fd1e4 GetPrivateProfileSectionNamesA
 0x4fd1e8 SetStdHandle
 0x4fd1ec HeapReAlloc
 0x4fd1f0 EnumSystemLocalesW
 0x4fd1f4 GetUserDefaultLCID
 0x4fd1f8 IsValidLocale
 0x4fd1fc GetLocaleInfoW
 0x4fd200 ReadFile
 0x4fd204 LCMapStringW
 0x4fd208 CompareStringW
 0x4fd20c GetTimeFormatW
 0x4fd210 GetDateFormatW
 0x4fd214 GetFileSizeEx
 0x4fd218 GetConsoleOutputCP
 0x4fd21c ReadConsoleW
 0x4fd220 GetConsoleMode
 0x4fd224 GetStdHandle
 0x4fd228 GetModuleFileNameW
 0x4fd22c GetModuleHandleExW
 0x4fd230 GetFileType
 0x4fd234 GetModuleFileNameA
 0x4fd238 CreateFileW
 0x4fd23c SetFilePointerEx
 0x4fd240 LoadLibraryExW
 0x4fd244 TlsFree
 0x4fd248 TlsSetValue
 0x4fd24c TlsGetValue
 0x4fd250 TlsAlloc
 0x4fd254 InitializeCriticalSectionAndSpinCount
 0x4fd258 SetLastError
 0x4fd25c RaiseException
 0x4fd260 RtlUnwind
 0x4fd264 InitializeSListHead
 0x4fd268 GetStartupInfoW
 0x4fd26c UnhandledExceptionFilter
 0x4fd270 FindFirstFileW
 0x4fd274 FindFirstFileExW
 0x4fd278 FindNextFileW
 0x4fd27c GetFileAttributesExW
 0x4fd280 GetFinalPathNameByHandleW
 0x4fd284 GetModuleHandleW
 0x4fd288 GetFileInformationByHandleEx
 0x4fd28c GetLocaleInfoEx
 0x4fd290 InitializeSRWLock
 0x4fd294 ReleaseSRWLockExclusive
 0x4fd298 AcquireSRWLockExclusive
 0x4fd29c TryAcquireSRWLockExclusive
 0x4fd2a0 LCMapStringEx
 0x4fd2a4 EncodePointer
 0x4fd2a8 DecodePointer
 0x4fd2ac CompareStringEx
 0x4fd2b0 GetCPInfo
 0x4fd2b4 GetStringTypeW
USER32.dll
 0x4fd2e4 GetWindowRect
 0x4fd2e8 GetDC
 0x4fd2ec GetSystemMetrics
 0x4fd2f0 GetKeyboardLayoutList
 0x4fd2f4 GetDesktopWindow
 0x4fd2f8 ReleaseDC
 0x4fd2fc EnumDisplayDevicesA
 0x4fd300 CharNextA
 0x4fd304 wsprintfA
GDI32.dll
 0x4fd03c CreateCompatibleBitmap
 0x4fd040 SelectObject
 0x4fd044 CreateCompatibleDC
 0x4fd048 DeleteObject
 0x4fd04c BitBlt
ADVAPI32.dll
 0x4fd000 SystemFunction036
 0x4fd004 RegOpenKeyExA
 0x4fd008 RegSetValueExA
 0x4fd00c RegEnumKeyA
 0x4fd010 RegCloseKey
 0x4fd014 GetCurrentHwProfileA
 0x4fd018 RegQueryValueExA
 0x4fd01c CredEnumerateA
 0x4fd020 RegCreateKeyExA
 0x4fd024 CredFree
 0x4fd028 GetUserNameA
 0x4fd02c RegEnumKeyExA
SHELL32.dll
 0x4fd2d0 SHGetFolderPathA
 0x4fd2d4 ShellExecuteA
ole32.dll
 0x4fd374 CoUninitialize
 0x4fd378 CoCreateInstance
 0x4fd37c CoInitializeEx
 0x4fd380 CoInitialize
WS2_32.dll
 0x4fd30c WSACleanup
 0x4fd310 closesocket
 0x4fd314 shutdown
 0x4fd318 getaddrinfo
 0x4fd31c WSAStartup
 0x4fd320 WSAGetLastError
 0x4fd324 socket
 0x4fd328 connect
 0x4fd32c recv
 0x4fd330 freeaddrinfo
 0x4fd334 setsockopt
 0x4fd338 send
CRYPT32.dll
 0x4fd034 CryptUnprotectData
SHLWAPI.dll
 0x4fd2dc PathFindExtensionA
gdiplus.dll
 0x4fd340 GdipSaveImageToFile
 0x4fd344 GdipGetImageEncodersSize
 0x4fd348 GdipFree
 0x4fd34c GdipDisposeImage
 0x4fd350 GdipCreateBitmapFromHBITMAP
 0x4fd354 GdipAlloc
 0x4fd358 GdipCloneImage
 0x4fd35c GdipGetImageEncoders
 0x4fd360 GdiplusShutdown
 0x4fd364 GdiplusStartup
SETUPAPI.dll
 0x4fd2bc SetupDiEnumDeviceInterfaces
 0x4fd2c0 SetupDiGetClassDevsA
 0x4fd2c4 SetupDiEnumDeviceInfo
 0x4fd2c8 SetupDiGetDeviceInterfaceDetailA
ntdll.dll
 0x4fd36c RtlUnicodeStringToAnsiString

EAT (Export Address Table): none
