ScreenShot
| Created | 2023.11.07 19:07 | Machine | s1_win7_x6401 |
| Filename | StealerClient_Cpp.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 0e149c713146c9c1ea53d7b7fa3b39e1 | ||
| sha256 | 2f5370312110028e933cdcb12b331523010b79293fc924ec3ff316ffcafdef23 | ||
| ssdeep | 24576:MF9uwNfSKYFODIbxDtU9jyuSmsLNvwqsbQJWBMFbSFv/XsTRY+9W54KycnnC3:qgKal12UpkbQJW2FbSFXXsTv9W54Kycm | ||
| imphash | 25c8ae30cd1820a1b5b2591280c2ac98 | ||
| impfuzzy | 96:5jEHYknaDPc+p7tGOWqLeff9mGGBWkOMLNcriXE9n:GHrnvctGHsWAVI | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x505054 GetCurrentThreadId
0x505058 GetModuleHandleA
0x50505c GetLocaleInfoA
0x505060 OpenProcess
0x505064 CreateToolhelp32Snapshot
0x505068 MultiByteToWideChar
0x50506c Sleep
0x505070 GetTempPathA
0x505074 GetModuleHandleExA
0x505078 GetTimeZoneInformation
0x50507c GetTickCount64
0x505080 CopyFileA
0x505084 GetLastError
0x505088 GetFileAttributesA
0x50508c TzSpecificLocalTimeToSystemTime
0x505090 CreateFileA
0x505094 SetEvent
0x505098 TerminateThread
0x50509c LoadLibraryA
0x5050a0 GetVersionExA
0x5050a4 DeleteFileA
0x5050a8 Process32Next
0x5050ac CloseHandle
0x5050b0 GetSystemInfo
0x5050b4 CreateThread
0x5050b8 ResetEvent
0x5050bc GetWindowsDirectoryA
0x5050c0 HeapAlloc
0x5050c4 SetFileAttributesA
0x5050c8 GetLocalTime
0x5050cc GetProcAddress
0x5050d0 VirtualAllocEx
0x5050d4 LocalFree
0x5050d8 IsProcessorFeaturePresent
0x5050dc GetFileSize
0x5050e0 RemoveDirectoryA
0x5050e4 ExitProcess
0x5050e8 GetCurrentProcessId
0x5050ec GetProcessHeap
0x5050f0 GlobalMemoryStatusEx
0x5050f4 FreeLibrary
0x5050f8 WideCharToMultiByte
0x5050fc CreateRemoteThread
0x505100 CreateProcessA
0x505104 CreateDirectoryA
0x505108 GetSystemTime
0x50510c LocalAlloc
0x505110 CreateEventA
0x505114 GetPrivateProfileStringA
0x505118 IsWow64Process
0x50511c IsDebuggerPresent
0x505120 GetComputerNameA
0x505124 SetUnhandledExceptionFilter
0x505128 lstrcatA
0x50512c lstrcpyA
0x505130 SetFilePointer
0x505134 CreateFileW
0x505138 AreFileApisANSI
0x50513c EnterCriticalSection
0x505140 GetFullPathNameW
0x505144 GetDiskFreeSpaceW
0x505148 LockFile
0x50514c LeaveCriticalSection
0x505150 InitializeCriticalSection
0x505154 GetFullPathNameA
0x505158 SetEndOfFile
0x50515c GetTempPathW
0x505160 GetFileAttributesW
0x505164 FormatMessageW
0x505168 GetDiskFreeSpaceA
0x50516c DeleteFileW
0x505170 UnlockFile
0x505174 LockFileEx
0x505178 DeleteCriticalSection
0x50517c GetSystemTimeAsFileTime
0x505180 FormatMessageA
0x505184 QueryPerformanceCounter
0x505188 GetTickCount
0x50518c FlushFileBuffers
0x505190 WriteConsoleW
0x505194 HeapSize
0x505198 SetEnvironmentVariableW
0x50519c FreeEnvironmentStringsW
0x5051a0 GetEnvironmentStringsW
0x5051a4 GetCommandLineW
0x5051a8 GetCommandLineA
0x5051ac GetOEMCP
0x5051b0 GetACP
0x5051b4 IsValidCodePage
0x5051b8 WaitForSingleObject
0x5051bc GetVolumeInformationA
0x5051c0 CreateMutexA
0x5051c4 FindClose
0x5051c8 VirtualFreeEx
0x5051cc lstrlenA
0x5051d0 InitializeCriticalSectionEx
0x5051d4 FindNextFileA
0x5051d8 GetUserDefaultLocaleName
0x5051dc TerminateProcess
0x5051e0 WriteFile
0x5051e4 GetCurrentProcess
0x5051e8 HeapFree
0x5051ec FindFirstFileA
0x5051f0 WriteProcessMemory
0x5051f4 Process32First
0x5051f8 GetPrivateProfileSectionNamesA
0x5051fc SetStdHandle
0x505200 HeapReAlloc
0x505204 EnumSystemLocalesW
0x505208 ReadFile
0x50520c GetUserDefaultLCID
0x505210 IsValidLocale
0x505214 GetLocaleInfoW
0x505218 LCMapStringW
0x50521c CompareStringW
0x505220 GetTimeFormatW
0x505224 GetDateFormatW
0x505228 GetFileSizeEx
0x50522c GetConsoleOutputCP
0x505230 ReadConsoleW
0x505234 GetConsoleMode
0x505238 GetStdHandle
0x50523c GetModuleFileNameW
0x505240 GetModuleHandleExW
0x505244 GetFileType
0x505248 GetModuleFileNameA
0x50524c lstrcpynA
0x505250 SetFilePointerEx
0x505254 LoadLibraryExW
0x505258 TlsFree
0x50525c TlsSetValue
0x505260 TlsGetValue
0x505264 TlsAlloc
0x505268 InitializeCriticalSectionAndSpinCount
0x50526c SetLastError
0x505270 RaiseException
0x505274 RtlUnwind
0x505278 InitializeSListHead
0x50527c GetStartupInfoW
0x505280 UnhandledExceptionFilter
0x505284 FindFirstFileW
0x505288 FindFirstFileExW
0x50528c FindNextFileW
0x505290 GetFileAttributesExW
0x505294 GetFinalPathNameByHandleW
0x505298 GetModuleHandleW
0x50529c GetFileInformationByHandleEx
0x5052a0 GetLocaleInfoEx
0x5052a4 InitializeSRWLock
0x5052a8 ReleaseSRWLockExclusive
0x5052ac AcquireSRWLockExclusive
0x5052b0 TryAcquireSRWLockExclusive
0x5052b4 LCMapStringEx
0x5052b8 EncodePointer
0x5052bc DecodePointer
0x5052c0 CompareStringEx
0x5052c4 GetCPInfo
0x5052c8 GetStringTypeW
USER32.dll
0x5052f8 GetWindowRect
0x5052fc GetDC
0x505300 GetSystemMetrics
0x505304 GetKeyboardLayoutList
0x505308 GetDesktopWindow
0x50530c ReleaseDC
0x505310 EnumDisplayDevicesA
0x505314 CharNextA
0x505318 wsprintfA
GDI32.dll
0x50503c CreateCompatibleBitmap
0x505040 SelectObject
0x505044 CreateCompatibleDC
0x505048 DeleteObject
0x50504c BitBlt
ADVAPI32.dll
0x505000 SystemFunction036
0x505004 RegOpenKeyExA
0x505008 RegSetValueExA
0x50500c RegEnumKeyA
0x505010 RegCloseKey
0x505014 GetCurrentHwProfileA
0x505018 RegQueryValueExA
0x50501c CredEnumerateA
0x505020 RegCreateKeyExA
0x505024 CredFree
0x505028 GetUserNameA
0x50502c RegEnumKeyExA
SHELL32.dll
0x5052e4 SHGetFolderPathA
0x5052e8 ShellExecuteA
ole32.dll
0x505388 CoCreateInstance
0x50538c CoInitializeEx
0x505390 CoUninitialize
0x505394 CoInitialize
WS2_32.dll
0x505320 WSACleanup
0x505324 closesocket
0x505328 shutdown
0x50532c getaddrinfo
0x505330 WSAStartup
0x505334 WSAGetLastError
0x505338 socket
0x50533c connect
0x505340 recv
0x505344 freeaddrinfo
0x505348 setsockopt
0x50534c send
CRYPT32.dll
0x505034 CryptUnprotectData
SHLWAPI.dll
0x5052f0 PathFindExtensionA
gdiplus.dll
0x505354 GdipSaveImageToFile
0x505358 GdipGetImageEncodersSize
0x50535c GdipFree
0x505360 GdipDisposeImage
0x505364 GdipCreateBitmapFromHBITMAP
0x505368 GdipAlloc
0x50536c GdipCloneImage
0x505370 GdipGetImageEncoders
0x505374 GdiplusShutdown
0x505378 GdiplusStartup
SETUPAPI.dll
0x5052d0 SetupDiEnumDeviceInterfaces
0x5052d4 SetupDiGetClassDevsA
0x5052d8 SetupDiEnumDeviceInfo
0x5052dc SetupDiGetDeviceInterfaceDetailA
ntdll.dll
0x505380 RtlUnicodeStringToAnsiString
EAT(Export Address Table) is none
KERNEL32.dll
0x505054 GetCurrentThreadId
0x505058 GetModuleHandleA
0x50505c GetLocaleInfoA
0x505060 OpenProcess
0x505064 CreateToolhelp32Snapshot
0x505068 MultiByteToWideChar
0x50506c Sleep
0x505070 GetTempPathA
0x505074 GetModuleHandleExA
0x505078 GetTimeZoneInformation
0x50507c GetTickCount64
0x505080 CopyFileA
0x505084 GetLastError
0x505088 GetFileAttributesA
0x50508c TzSpecificLocalTimeToSystemTime
0x505090 CreateFileA
0x505094 SetEvent
0x505098 TerminateThread
0x50509c LoadLibraryA
0x5050a0 GetVersionExA
0x5050a4 DeleteFileA
0x5050a8 Process32Next
0x5050ac CloseHandle
0x5050b0 GetSystemInfo
0x5050b4 CreateThread
0x5050b8 ResetEvent
0x5050bc GetWindowsDirectoryA
0x5050c0 HeapAlloc
0x5050c4 SetFileAttributesA
0x5050c8 GetLocalTime
0x5050cc GetProcAddress
0x5050d0 VirtualAllocEx
0x5050d4 LocalFree
0x5050d8 IsProcessorFeaturePresent
0x5050dc GetFileSize
0x5050e0 RemoveDirectoryA
0x5050e4 ExitProcess
0x5050e8 GetCurrentProcessId
0x5050ec GetProcessHeap
0x5050f0 GlobalMemoryStatusEx
0x5050f4 FreeLibrary
0x5050f8 WideCharToMultiByte
0x5050fc CreateRemoteThread
0x505100 CreateProcessA
0x505104 CreateDirectoryA
0x505108 GetSystemTime
0x50510c LocalAlloc
0x505110 CreateEventA
0x505114 GetPrivateProfileStringA
0x505118 IsWow64Process
0x50511c IsDebuggerPresent
0x505120 GetComputerNameA
0x505124 SetUnhandledExceptionFilter
0x505128 lstrcatA
0x50512c lstrcpyA
0x505130 SetFilePointer
0x505134 CreateFileW
0x505138 AreFileApisANSI
0x50513c EnterCriticalSection
0x505140 GetFullPathNameW
0x505144 GetDiskFreeSpaceW
0x505148 LockFile
0x50514c LeaveCriticalSection
0x505150 InitializeCriticalSection
0x505154 GetFullPathNameA
0x505158 SetEndOfFile
0x50515c GetTempPathW
0x505160 GetFileAttributesW
0x505164 FormatMessageW
0x505168 GetDiskFreeSpaceA
0x50516c DeleteFileW
0x505170 UnlockFile
0x505174 LockFileEx
0x505178 DeleteCriticalSection
0x50517c GetSystemTimeAsFileTime
0x505180 FormatMessageA
0x505184 QueryPerformanceCounter
0x505188 GetTickCount
0x50518c FlushFileBuffers
0x505190 WriteConsoleW
0x505194 HeapSize
0x505198 SetEnvironmentVariableW
0x50519c FreeEnvironmentStringsW
0x5051a0 GetEnvironmentStringsW
0x5051a4 GetCommandLineW
0x5051a8 GetCommandLineA
0x5051ac GetOEMCP
0x5051b0 GetACP
0x5051b4 IsValidCodePage
0x5051b8 WaitForSingleObject
0x5051bc GetVolumeInformationA
0x5051c0 CreateMutexA
0x5051c4 FindClose
0x5051c8 VirtualFreeEx
0x5051cc lstrlenA
0x5051d0 InitializeCriticalSectionEx
0x5051d4 FindNextFileA
0x5051d8 GetUserDefaultLocaleName
0x5051dc TerminateProcess
0x5051e0 WriteFile
0x5051e4 GetCurrentProcess
0x5051e8 HeapFree
0x5051ec FindFirstFileA
0x5051f0 WriteProcessMemory
0x5051f4 Process32First
0x5051f8 GetPrivateProfileSectionNamesA
0x5051fc SetStdHandle
0x505200 HeapReAlloc
0x505204 EnumSystemLocalesW
0x505208 ReadFile
0x50520c GetUserDefaultLCID
0x505210 IsValidLocale
0x505214 GetLocaleInfoW
0x505218 LCMapStringW
0x50521c CompareStringW
0x505220 GetTimeFormatW
0x505224 GetDateFormatW
0x505228 GetFileSizeEx
0x50522c GetConsoleOutputCP
0x505230 ReadConsoleW
0x505234 GetConsoleMode
0x505238 GetStdHandle
0x50523c GetModuleFileNameW
0x505240 GetModuleHandleExW
0x505244 GetFileType
0x505248 GetModuleFileNameA
0x50524c lstrcpynA
0x505250 SetFilePointerEx
0x505254 LoadLibraryExW
0x505258 TlsFree
0x50525c TlsSetValue
0x505260 TlsGetValue
0x505264 TlsAlloc
0x505268 InitializeCriticalSectionAndSpinCount
0x50526c SetLastError
0x505270 RaiseException
0x505274 RtlUnwind
0x505278 InitializeSListHead
0x50527c GetStartupInfoW
0x505280 UnhandledExceptionFilter
0x505284 FindFirstFileW
0x505288 FindFirstFileExW
0x50528c FindNextFileW
0x505290 GetFileAttributesExW
0x505294 GetFinalPathNameByHandleW
0x505298 GetModuleHandleW
0x50529c GetFileInformationByHandleEx
0x5052a0 GetLocaleInfoEx
0x5052a4 InitializeSRWLock
0x5052a8 ReleaseSRWLockExclusive
0x5052ac AcquireSRWLockExclusive
0x5052b0 TryAcquireSRWLockExclusive
0x5052b4 LCMapStringEx
0x5052b8 EncodePointer
0x5052bc DecodePointer
0x5052c0 CompareStringEx
0x5052c4 GetCPInfo
0x5052c8 GetStringTypeW
USER32.dll
0x5052f8 GetWindowRect
0x5052fc GetDC
0x505300 GetSystemMetrics
0x505304 GetKeyboardLayoutList
0x505308 GetDesktopWindow
0x50530c ReleaseDC
0x505310 EnumDisplayDevicesA
0x505314 CharNextA
0x505318 wsprintfA
GDI32.dll
0x50503c CreateCompatibleBitmap
0x505040 SelectObject
0x505044 CreateCompatibleDC
0x505048 DeleteObject
0x50504c BitBlt
ADVAPI32.dll
0x505000 SystemFunction036
0x505004 RegOpenKeyExA
0x505008 RegSetValueExA
0x50500c RegEnumKeyA
0x505010 RegCloseKey
0x505014 GetCurrentHwProfileA
0x505018 RegQueryValueExA
0x50501c CredEnumerateA
0x505020 RegCreateKeyExA
0x505024 CredFree
0x505028 GetUserNameA
0x50502c RegEnumKeyExA
SHELL32.dll
0x5052e4 SHGetFolderPathA
0x5052e8 ShellExecuteA
ole32.dll
0x505388 CoCreateInstance
0x50538c CoInitializeEx
0x505390 CoUninitialize
0x505394 CoInitialize
WS2_32.dll
0x505320 WSACleanup
0x505324 closesocket
0x505328 shutdown
0x50532c getaddrinfo
0x505330 WSAStartup
0x505334 WSAGetLastError
0x505338 socket
0x50533c connect
0x505340 recv
0x505344 freeaddrinfo
0x505348 setsockopt
0x50534c send
CRYPT32.dll
0x505034 CryptUnprotectData
SHLWAPI.dll
0x5052f0 PathFindExtensionA
gdiplus.dll
0x505354 GdipSaveImageToFile
0x505358 GdipGetImageEncodersSize
0x50535c GdipFree
0x505360 GdipDisposeImage
0x505364 GdipCreateBitmapFromHBITMAP
0x505368 GdipAlloc
0x50536c GdipCloneImage
0x505370 GdipGetImageEncoders
0x505374 GdiplusShutdown
0x505378 GdiplusStartup
SETUPAPI.dll
0x5052d0 SetupDiEnumDeviceInterfaces
0x5052d4 SetupDiGetClassDevsA
0x5052d8 SetupDiEnumDeviceInfo
0x5052dc SetupDiGetDeviceInterfaceDetailA
ntdll.dll
0x505380 RtlUnicodeStringToAnsiString
EAT(Export Address Table) is none