Report - StealerClient_Cpp.exe

Tags: Malicious Library, Malicious Packer, UPX, PE32, PE File, OS Processor Check
Created: 2024.01.24 09:44  Machine: s1_win7_x6403
Filename: StealerClient_Cpp.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 2
Behavior Score: 1.2
ZERO API file: malicious
VT API (file): 50 detected (RisePro, Windows, Threat, Malicious, score, Sality, Zusy, unsafe, V1bc, Attribute, HighConfidence, ADVG, Artemis, TrojanX, Mikey, kgnvaz, CLASSIC, AGEN, Siggen23, R014C0DAN24, Outbreak, Detected, RiseProStealer, Eldorado, R630829, ZexaF, Av0@ai5ZRImk, BScope, PasswordStealer, GdSda, Gencirc, Static AI, Suspicious PE, susgen, confidence)
md5: 910a8c9c1a1c5ae9af654fe148d885d1
sha256: 76c9a87296e68921fd2c0a6739a7b46676e6672780ef500d516251eea57c0084
ssdeep: 24576:hCTr8oNphcGH1PqA8kLdaRt+7MwPbCJbO1IAUoGEEhVllxaiZMhlTW1XxkkzM3zd:wbN+h5xoXfFMzbvj5paT+Ec7+xLE6ZL
imphash: ae151554f70f2ebb91efb3d234aee033
impfuzzy: 96:tjEtkzwbKPc+p7tGOWqLezpwzmGGFWkOTCkbxPDuUn:yuzWctGHZqWW/Cp+

Signature (1cnts)

Level | Description
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious

Rules (6cnts)

Level | Name | Description | Collection
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload)
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload)
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE32 | (no description) | binaries (upload)
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)

Network (0cnts)

Request | CC | ASN | Co | IP4 | Rule
(no entries recorded)

Suricata IDS
(no entries recorded)
PE API

IAT (Import Address Table), grouped by library

KERNEL32.dll
 0x52a050 GetVolumeInformationA
 0x52a054 WaitForSingleObject
 0x52a058 LocalAlloc
 0x52a05c GetCurrentThreadId
 0x52a060 GetModuleHandleA
 0x52a064 GetLocaleInfoA
 0x52a068 OpenProcess
 0x52a06c CreateToolhelp32Snapshot
 0x52a070 MultiByteToWideChar
 0x52a074 Sleep
 0x52a078 GetTempPathA
 0x52a07c GetModuleHandleExA
 0x52a080 GetTimeZoneInformation
 0x52a084 GetTickCount64
 0x52a088 CopyFileA
 0x52a08c GetLastError
 0x52a090 GetFileAttributesA
 0x52a094 TzSpecificLocalTimeToSystemTime
 0x52a098 CreateFileA
 0x52a09c SetEvent
 0x52a0a0 TerminateThread
 0x52a0a4 LoadLibraryA
 0x52a0a8 GetVersionExA
 0x52a0ac DeleteFileA
 0x52a0b0 Process32Next
 0x52a0b4 CloseHandle
 0x52a0b8 GetSystemInfo
 0x52a0bc CreateThread
 0x52a0c0 ResetEvent
 0x52a0c4 GetWindowsDirectoryA
 0x52a0c8 HeapAlloc
 0x52a0cc SetFileAttributesA
 0x52a0d0 GetLocalTime
 0x52a0d4 GetProcAddress
 0x52a0d8 VirtualAllocEx
 0x52a0dc LocalFree
 0x52a0e0 IsProcessorFeaturePresent
 0x52a0e4 GetFileSize
 0x52a0e8 RemoveDirectoryA
 0x52a0ec ReadProcessMemory
 0x52a0f0 GetCurrentProcessId
 0x52a0f4 GetProcessHeap
 0x52a0f8 GlobalMemoryStatusEx
 0x52a0fc FreeLibrary
 0x52a100 WideCharToMultiByte
 0x52a104 CreateRemoteThread
 0x52a108 CreateDirectoryA
 0x52a10c GetSystemTime
 0x52a110 CreateMutexA
 0x52a114 CreateEventA
 0x52a118 GetPrivateProfileStringA
 0x52a11c IsWow64Process
 0x52a120 IsDebuggerPresent
 0x52a124 VirtualQueryEx
 0x52a128 GetComputerNameA
 0x52a12c SetUnhandledExceptionFilter
 0x52a130 GetUserDefaultLocaleName
 0x52a134 lstrcpynA
 0x52a138 SetFilePointer
 0x52a13c CreateFileW
 0x52a140 AreFileApisANSI
 0x52a144 EnterCriticalSection
 0x52a148 GetFullPathNameW
 0x52a14c GetDiskFreeSpaceW
 0x52a150 LockFile
 0x52a154 LeaveCriticalSection
 0x52a158 InitializeCriticalSection
 0x52a15c GetFullPathNameA
 0x52a160 SetEndOfFile
 0x52a164 GetTempPathW
 0x52a168 GetFileAttributesW
 0x52a16c FormatMessageW
 0x52a170 GetDiskFreeSpaceA
 0x52a174 DeleteFileW
 0x52a178 UnlockFile
 0x52a17c LockFileEx
 0x52a180 DeleteCriticalSection
 0x52a184 GetSystemTimeAsFileTime
 0x52a188 FormatMessageA
 0x52a18c QueryPerformanceCounter
 0x52a190 GetTickCount
 0x52a194 FlushFileBuffers
 0x52a198 HeapSize
 0x52a19c SetEnvironmentVariableW
 0x52a1a0 FreeEnvironmentStringsW
 0x52a1a4 GetEnvironmentStringsW
 0x52a1a8 GetCommandLineW
 0x52a1ac GetCommandLineA
 0x52a1b0 GetOEMCP
 0x52a1b4 GetACP
 0x52a1b8 IsValidCodePage
 0x52a1bc SetStdHandle
 0x52a1c0 HeapReAlloc
 0x52a1c4 FindClose
 0x52a1c8 lstrlenA
 0x52a1cc InitializeCriticalSectionEx
 0x52a1d0 VirtualFreeEx
 0x52a1d4 FindNextFileA
 0x52a1d8 TerminateProcess
 0x52a1dc OutputDebugStringA
 0x52a1e0 WriteFile
 0x52a1e4 GetCurrentProcess
 0x52a1e8 HeapFree
 0x52a1ec FindFirstFileA
 0x52a1f0 WriteProcessMemory
 0x52a1f4 Process32First
 0x52a1f8 GetPrivateProfileSectionNamesA
 0x52a1fc ReadFile
 0x52a200 EnumSystemLocalesW
 0x52a204 GetUserDefaultLCID
 0x52a208 IsValidLocale
 0x52a20c GetLocaleInfoW
 0x52a210 LCMapStringW
 0x52a214 CompareStringW
 0x52a218 GetTimeFormatW
 0x52a21c GetDateFormatW
 0x52a220 GetFileSizeEx
 0x52a224 GetConsoleOutputCP
 0x52a228 ReadConsoleW
 0x52a22c GetConsoleMode
 0x52a230 GetStdHandle
 0x52a234 GetModuleFileNameW
 0x52a238 GetModuleHandleExW
 0x52a23c ExitProcess
 0x52a240 GetFileType
 0x52a244 SetFilePointerEx
 0x52a248 LoadLibraryExW
 0x52a24c TlsFree
 0x52a250 GetModuleFileNameA
 0x52a254 TlsSetValue
 0x52a258 TlsGetValue
 0x52a25c TlsAlloc
 0x52a260 InitializeCriticalSectionAndSpinCount
 0x52a264 SetLastError
 0x52a268 RaiseException
 0x52a26c RtlUnwind
 0x52a270 InitializeSListHead
 0x52a274 GetStartupInfoW
 0x52a278 UnhandledExceptionFilter
 0x52a27c GetStringTypeW
 0x52a280 FindFirstFileW
 0x52a284 FindFirstFileExW
 0x52a288 FindNextFileW
 0x52a28c GetFileAttributesExW
 0x52a290 GetFinalPathNameByHandleW
 0x52a294 GetModuleHandleW
 0x52a298 GetFileInformationByHandleEx
 0x52a29c GetLocaleInfoEx
 0x52a2a0 InitializeSRWLock
 0x52a2a4 ReleaseSRWLockExclusive
 0x52a2a8 AcquireSRWLockExclusive
 0x52a2ac TryAcquireSRWLockExclusive
 0x52a2b0 LCMapStringEx
 0x52a2b4 EncodePointer
 0x52a2b8 DecodePointer
 0x52a2bc CompareStringEx
 0x52a2c0 GetCPInfo
 0x52a2c4 WriteConsoleW
USER32.dll
 0x52a2f4 GetSystemMetrics
 0x52a2f8 GetDC
 0x52a2fc GetKeyboardLayoutList
 0x52a300 EnumDisplayDevicesA
 0x52a304 CharNextA
 0x52a308 GetWindowRect
 0x52a30c wsprintfA
 0x52a310 GetCursorPos
 0x52a314 ReleaseDC
 0x52a318 GetDesktopWindow
GDI32.dll
 0x52a038 CreateCompatibleBitmap
 0x52a03c SelectObject
 0x52a040 CreateCompatibleDC
 0x52a044 DeleteObject
 0x52a048 BitBlt
ADVAPI32.dll
 0x52a000 CredEnumerateA
 0x52a004 RegOpenKeyExA
 0x52a008 RegEnumKeyA
 0x52a00c RegCloseKey
 0x52a010 GetCurrentHwProfileA
 0x52a014 RegQueryValueExA
 0x52a018 RegEnumKeyExA
 0x52a01c RegCreateKeyExA
 0x52a020 CredFree
 0x52a024 GetUserNameA
 0x52a028 RegSetValueExA
SHELL32.dll
 0x52a2e0 ShellExecuteA
 0x52a2e4 SHGetFolderPathA
ole32.dll
 0x52a37c CoInitializeEx
 0x52a380 CoCreateInstance
 0x52a384 CoInitialize
 0x52a388 CoUninitialize
WS2_32.dll
 0x52a320 getaddrinfo
 0x52a324 WSAStartup
 0x52a328 send
 0x52a32c socket
 0x52a330 connect
 0x52a334 recv
 0x52a338 freeaddrinfo
 0x52a33c setsockopt
 0x52a340 WSAGetLastError
 0x52a344 WSACleanup
 0x52a348 closesocket
 0x52a34c shutdown
CRYPT32.dll
 0x52a030 CryptUnprotectData
SHLWAPI.dll
 0x52a2ec PathFindExtensionA
gdiplus.dll
 0x52a354 GdiplusStartup
 0x52a358 GdiplusShutdown
 0x52a35c GdipDisposeImage
 0x52a360 GdipSaveImageToFile
 0x52a364 GdipGetImageEncodersSize
 0x52a368 GdipCreateBitmapFromHBITMAP
 0x52a36c GdipGetImageEncoders
SETUPAPI.dll
 0x52a2cc SetupDiEnumDeviceInterfaces
 0x52a2d0 SetupDiEnumDeviceInfo
 0x52a2d4 SetupDiGetDeviceInterfaceDetailA
 0x52a2d8 SetupDiGetClassDevsA
ntdll.dll
 0x52a374 RtlUnicodeStringToAnsiString

EAT (Export Address Table): none
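The import table is the most informative part of this report. Read as combinations rather than single APIs, the imports fall into a few capability groups that line up with the RisePro / PasswordStealer labels in the VT detections: CryptUnprotectData together with CredEnumerateA (DPAPI-protected credential decryption), GDI BitBlt / CreateCompatibleBitmap plus GdipSaveImageToFile (screenshot capture), CreateToolhelp32Snapshot / Process32Next with OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread (remote-thread injection), VirtualQueryEx with ReadProcessMemory (scraping another process's memory), and bare Winsock calls with no HTTP library (a custom C2 protocol). One caveat before pivoting on the imphash: a binary still wrapped in a stock UPX stub imports only a handful of kernel32 functions, so a listing this rich means either the UPX rule fired on something other than an intact stub or the table was read after unpacking; confirm which before treating the imphash as a stable cluster key. The script below is an added example, not part of the sandbox report: it parses a trimmed copy of the listing above (a constructed sample in the same text format), computes a pefile-style imphash, and flags capability groups using heuristic API combinations that are this example's own, not the sandbox's rules. Because the report groups entries by library while imphash depends on import-directory order, the script sorts by IAT address to approximate that order; its value will only equal the report's imphash when the full list is used and that approximation holds.

```python
"""Import-table triage for a sandbox report's plain-text IAT listing.

Added example. Assumptions: IAT_TEXT is a trimmed, constructed copy of the
report's listing; CAPABILITIES is this example's own heuristic, not the
sandbox's rule set. Imphash follows the pefile definition (lower-cased
"dll.func" pairs, extension stripped, comma-joined, MD5), approximating
import-directory order by sorting on IAT address.
"""
import hashlib
import re

# Constructed sample: a subset of the report's IAT, in the report's format.
IAT_TEXT = """
KERNEL32.dll
 0x52a068 OpenProcess
 0x52a06c CreateToolhelp32Snapshot
 0x52a0b0 Process32Next
 0x52a0d8 VirtualAllocEx
 0x52a0ec ReadProcessMemory
 0x52a104 CreateRemoteThread
 0x52a120 IsDebuggerPresent
 0x52a124 VirtualQueryEx
 0x52a128 GetComputerNameA
 0x52a1f0 WriteProcessMemory
GDI32.dll
 0x52a038 CreateCompatibleBitmap
 0x52a048 BitBlt
ADVAPI32.dll
 0x52a000 CredEnumerateA
 0x52a004 RegOpenKeyExA
 0x52a024 GetUserNameA
WS2_32.dll
 0x52a320 getaddrinfo
 0x52a324 WSAStartup
 0x52a330 connect
CRYPT32.dll
 0x52a030 CryptUnprotectData
gdiplus.dll
 0x52a360 GdipSaveImageToFile
"""

# Heuristic capability groups (this example's own). A group fires only when
# every listed API is present, so a lone benign import such as OpenProcess
# does not trigger it on its own.
CAPABILITIES = {
    "dpapi-credential-theft": {"crypt32.CryptUnprotectData", "advapi32.CredEnumerateA"},
    "screenshot": {"gdi32.BitBlt", "gdi32.CreateCompatibleBitmap", "gdiplus.GdipSaveImageToFile"},
    "remote-thread-injection": {"kernel32.OpenProcess", "kernel32.VirtualAllocEx",
                                "kernel32.WriteProcessMemory", "kernel32.CreateRemoteThread"},
    "process-memory-scraping": {"kernel32.OpenProcess", "kernel32.VirtualQueryEx",
                                "kernel32.ReadProcessMemory"},
    "process-enumeration": {"kernel32.CreateToolhelp32Snapshot", "kernel32.Process32Next"},
    "host-fingerprint": {"kernel32.GetComputerNameA", "advapi32.GetUserNameA"},
    "raw-socket-c2": {"ws2_32.WSAStartup", "ws2_32.connect", "ws2_32.getaddrinfo"},
    "anti-debug": {"kernel32.IsDebuggerPresent"},
}

# One import line: an IAT slot address followed by the function name.
LINE_RE = re.compile(r"^\s*0x([0-9a-fA-F]+)\s+(\S+)\s*$")


def parse_iat(text):
    """Return [(dll, func, iat_address)] from the report-style listing."""
    entries, dll = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m and dll:
            entries.append((dll, m.group(2), int(m.group(1), 16)))
        elif not line.startswith(" "):
            dll = line.strip()  # an unindented line names the next library
    return entries


def _norm_dll(dll):
    """Lower-case the library name and drop the extension, as pefile does."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            return dll[: -len(ext)]
    return dll


def imphash(entries):
    """pefile-style imphash over entries sorted by IAT address, which
    approximates import-directory order when the listing is grouped by DLL."""
    ordered = sorted(entries, key=lambda e: e[2])
    pairs = [f"{_norm_dll(d)}.{f.lower()}" for d, f, _ in ordered]
    return hashlib.md5(",".join(pairs).encode()).hexdigest()


def triage(entries):
    """Names of capability groups whose API set is fully present."""
    present = {f"{_norm_dll(d)}.{f}" for d, f, _ in entries}
    return sorted(name for name, apis in CAPABILITIES.items() if apis <= present)


if __name__ == "__main__":
    iat = parse_iat(IAT_TEXT)
    print("imports:", len(iat), "imphash (approx):", imphash(iat))
    for cap in triage(iat):
        print("capability:", cap)
```

Run it on the full listing by pasting the whole IAT section into IAT_TEXT; the capability names are only labels for the analyst, and the requirement that every API in a group be present is what keeps the heuristic from firing on ordinary software that happens to import OpenProcess or WSAStartup.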