ScreenShot
| Created | 2024.04.03 22:50 | Machine | s1_win7_x6401 |
| Filename | StealerClient_Cpp.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetectMalware, RisePro, malicious, high confidence, score, Sality, Lazy, unsafe, Vub6, TrojanPSW, Genus, Attribute, HighConfidence, ADVG, Artemis, Doina, kaktrr, rapml, Siggen21, Detected, ai score=84, Malware@#acs3pu14jpng, Znyonm, ABRisk, KJMC, R606193, ZexaF, uv0@a8760bok, Gencirc, mzVUU99dQ, Static AI, Suspicious PE, Chgt, confidence, 100%) | ||
| md5 | a2a68318da5737ff0327f6d53438be60 | ||
| sha256 | 4917998ae87d6701c157bc4026f8418585148329cefdb3d96a8b968bf6b9704a | ||
| ssdeep | 24576:GtpKQCcDpR/XmaX/BKx321wKbM3IFZK0FvtTrP7NraTXJC6zo3+fGua:vc/pMQbM3IvK0tt37NraTjzo3+fGua | ||
| imphash | 7244c4b0593c90895b4151a844e951d8 | ||
| impfuzzy | 96:fEiYkf1aWPc+p7tGOWqpefwsmGGBWkOevgf2iTSln:8irNCctGH+Wy+jc | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x518050 GetModuleHandleA
0x518054 GetLocaleInfoA
0x518058 OpenProcess
0x51805c CreateToolhelp32Snapshot
0x518060 MultiByteToWideChar
0x518064 Sleep
0x518068 GetTempPathA
0x51806c GetModuleHandleExA
0x518070 GetTimeZoneInformation
0x518074 GetTickCount64
0x518078 CopyFileA
0x51807c GetLastError
0x518080 GetFileAttributesA
0x518084 TzSpecificLocalTimeToSystemTime
0x518088 CreateFileA
0x51808c SetEvent
0x518090 TerminateThread
0x518094 LoadLibraryA
0x518098 GetVersionExA
0x51809c DeleteFileA
0x5180a0 Process32Next
0x5180a4 CloseHandle
0x5180a8 GetSystemInfo
0x5180ac CreateThread
0x5180b0 ResetEvent
0x5180b4 GetWindowsDirectoryA
0x5180b8 HeapAlloc
0x5180bc SetFileAttributesA
0x5180c0 GetLocalTime
0x5180c4 GetProcAddress
0x5180c8 LocalFree
0x5180cc IsProcessorFeaturePresent
0x5180d0 GetFileSize
0x5180d4 RemoveDirectoryA
0x5180d8 ExitProcess
0x5180dc GetCurrentProcessId
0x5180e0 GetProcessHeap
0x5180e4 GlobalMemoryStatusEx
0x5180e8 FreeLibrary
0x5180ec WideCharToMultiByte
0x5180f0 CreateDirectoryA
0x5180f4 GetSystemTime
0x5180f8 CreateEventA
0x5180fc GetCurrentThreadId
0x518100 GetPrivateProfileStringA
0x518104 IsWow64Process
0x518108 IsDebuggerPresent
0x51810c GetComputerNameA
0x518110 SetUnhandledExceptionFilter
0x518114 lstrcatA
0x518118 lstrcpyA
0x51811c lstrcpynA
0x518120 SetFilePointer
0x518124 AreFileApisANSI
0x518128 EnterCriticalSection
0x51812c GetFullPathNameW
0x518130 GetDiskFreeSpaceW
0x518134 LockFile
0x518138 LeaveCriticalSection
0x51813c InitializeCriticalSection
0x518140 GetFullPathNameA
0x518144 SetEndOfFile
0x518148 GetTempPathW
0x51814c GetFileAttributesW
0x518150 FormatMessageW
0x518154 GetDiskFreeSpaceA
0x518158 DeleteFileW
0x51815c UnlockFile
0x518160 LockFileEx
0x518164 DeleteCriticalSection
0x518168 GetSystemTimeAsFileTime
0x51816c FormatMessageA
0x518170 QueryPerformanceCounter
0x518174 GetTickCount
0x518178 FlushFileBuffers
0x51817c WriteConsoleW
0x518180 HeapSize
0x518184 SetEnvironmentVariableW
0x518188 FreeEnvironmentStringsW
0x51818c GetEnvironmentStringsW
0x518190 GetCommandLineW
0x518194 GetCommandLineA
0x518198 GetOEMCP
0x51819c GetACP
0x5181a0 IsValidCodePage
0x5181a4 LocalAlloc
0x5181a8 WaitForSingleObject
0x5181ac GetVolumeInformationA
0x5181b0 FindClose
0x5181b4 lstrlenA
0x5181b8 InitializeCriticalSectionEx
0x5181bc FindNextFileA
0x5181c0 GetUserDefaultLocaleName
0x5181c4 TerminateProcess
0x5181c8 WriteFile
0x5181cc GetCurrentProcess
0x5181d0 HeapFree
0x5181d4 FindFirstFileA
0x5181d8 Process32First
0x5181dc GetPrivateProfileSectionNamesA
0x5181e0 SetStdHandle
0x5181e4 HeapReAlloc
0x5181e8 EnumSystemLocalesW
0x5181ec GetUserDefaultLCID
0x5181f0 IsValidLocale
0x5181f4 GetLocaleInfoW
0x5181f8 LCMapStringW
0x5181fc ReadFile
0x518200 CompareStringW
0x518204 GetTimeFormatW
0x518208 GetDateFormatW
0x51820c GetFileSizeEx
0x518210 GetConsoleOutputCP
0x518214 ReadConsoleW
0x518218 GetConsoleMode
0x51821c GetStdHandle
0x518220 GetModuleFileNameW
0x518224 GetModuleHandleExW
0x518228 GetFileType
0x51822c GetModuleFileNameA
0x518230 CreateFileW
0x518234 SetFilePointerEx
0x518238 LoadLibraryExW
0x51823c TlsFree
0x518240 TlsSetValue
0x518244 TlsGetValue
0x518248 TlsAlloc
0x51824c InitializeCriticalSectionAndSpinCount
0x518250 SetLastError
0x518254 RaiseException
0x518258 RtlUnwind
0x51825c InitializeSListHead
0x518260 GetStartupInfoW
0x518264 UnhandledExceptionFilter
0x518268 FindFirstFileW
0x51826c FindFirstFileExW
0x518270 FindNextFileW
0x518274 GetFileAttributesExW
0x518278 GetFinalPathNameByHandleW
0x51827c GetModuleHandleW
0x518280 GetFileInformationByHandleEx
0x518284 GetLocaleInfoEx
0x518288 InitializeSRWLock
0x51828c ReleaseSRWLockExclusive
0x518290 AcquireSRWLockExclusive
0x518294 TryAcquireSRWLockExclusive
0x518298 LCMapStringEx
0x51829c EncodePointer
0x5182a0 DecodePointer
0x5182a4 CompareStringEx
0x5182a8 GetCPInfo
0x5182ac GetStringTypeW
USER32.dll
0x5182dc GetDC
0x5182e0 GetWindowRect
0x5182e4 EnumDisplayDevicesA
0x5182e8 CharNextA
0x5182ec GetSystemMetrics
0x5182f0 GetDesktopWindow
0x5182f4 ReleaseDC
0x5182f8 GetKeyboardLayoutList
0x5182fc wsprintfA
GDI32.dll
0x518038 CreateCompatibleBitmap
0x51803c SelectObject
0x518040 CreateCompatibleDC
0x518044 DeleteObject
0x518048 BitBlt
ADVAPI32.dll
0x518000 SystemFunction036
0x518004 RegOpenKeyExA
0x518008 GetUserNameA
0x51800c RegEnumKeyA
0x518010 RegCloseKey
0x518014 GetCurrentHwProfileA
0x518018 RegQueryValueExA
0x51801c CredEnumerateA
0x518020 RegCreateKeyExA
0x518024 CredFree
0x518028 RegEnumKeyExA
SHELL32.dll
0x5182c8 ShellExecuteA
0x5182cc SHGetFolderPathA
ole32.dll
0x51836c CoInitialize
0x518370 CoUninitialize
0x518374 CoCreateInstance
0x518378 CoInitializeEx
WS2_32.dll
0x518304 WSACleanup
0x518308 closesocket
0x51830c shutdown
0x518310 getaddrinfo
0x518314 WSAStartup
0x518318 WSAGetLastError
0x51831c socket
0x518320 connect
0x518324 recv
0x518328 freeaddrinfo
0x51832c setsockopt
0x518330 send
CRYPT32.dll
0x518030 CryptUnprotectData
SHLWAPI.dll
0x5182d4 PathFindExtensionA
gdiplus.dll
0x518338 GdipAlloc
0x51833c GdiplusStartup
0x518340 GdiplusShutdown
0x518344 GdipCloneImage
0x518348 GdipDisposeImage
0x51834c GdipSaveImageToFile
0x518350 GdipGetImageEncodersSize
0x518354 GdipFree
0x518358 GdipCreateBitmapFromHBITMAP
0x51835c GdipGetImageEncoders
SETUPAPI.dll
0x5182b4 SetupDiGetClassDevsA
0x5182b8 SetupDiEnumDeviceInfo
0x5182bc SetupDiGetDeviceInterfaceDetailA
0x5182c0 SetupDiEnumDeviceInterfaces
ntdll.dll
0x518364 RtlUnicodeStringToAnsiString
EAT(Export Address Table) is none
KERNEL32.dll
0x518050 GetModuleHandleA
0x518054 GetLocaleInfoA
0x518058 OpenProcess
0x51805c CreateToolhelp32Snapshot
0x518060 MultiByteToWideChar
0x518064 Sleep
0x518068 GetTempPathA
0x51806c GetModuleHandleExA
0x518070 GetTimeZoneInformation
0x518074 GetTickCount64
0x518078 CopyFileA
0x51807c GetLastError
0x518080 GetFileAttributesA
0x518084 TzSpecificLocalTimeToSystemTime
0x518088 CreateFileA
0x51808c SetEvent
0x518090 TerminateThread
0x518094 LoadLibraryA
0x518098 GetVersionExA
0x51809c DeleteFileA
0x5180a0 Process32Next
0x5180a4 CloseHandle
0x5180a8 GetSystemInfo
0x5180ac CreateThread
0x5180b0 ResetEvent
0x5180b4 GetWindowsDirectoryA
0x5180b8 HeapAlloc
0x5180bc SetFileAttributesA
0x5180c0 GetLocalTime
0x5180c4 GetProcAddress
0x5180c8 LocalFree
0x5180cc IsProcessorFeaturePresent
0x5180d0 GetFileSize
0x5180d4 RemoveDirectoryA
0x5180d8 ExitProcess
0x5180dc GetCurrentProcessId
0x5180e0 GetProcessHeap
0x5180e4 GlobalMemoryStatusEx
0x5180e8 FreeLibrary
0x5180ec WideCharToMultiByte
0x5180f0 CreateDirectoryA
0x5180f4 GetSystemTime
0x5180f8 CreateEventA
0x5180fc GetCurrentThreadId
0x518100 GetPrivateProfileStringA
0x518104 IsWow64Process
0x518108 IsDebuggerPresent
0x51810c GetComputerNameA
0x518110 SetUnhandledExceptionFilter
0x518114 lstrcatA
0x518118 lstrcpyA
0x51811c lstrcpynA
0x518120 SetFilePointer
0x518124 AreFileApisANSI
0x518128 EnterCriticalSection
0x51812c GetFullPathNameW
0x518130 GetDiskFreeSpaceW
0x518134 LockFile
0x518138 LeaveCriticalSection
0x51813c InitializeCriticalSection
0x518140 GetFullPathNameA
0x518144 SetEndOfFile
0x518148 GetTempPathW
0x51814c GetFileAttributesW
0x518150 FormatMessageW
0x518154 GetDiskFreeSpaceA
0x518158 DeleteFileW
0x51815c UnlockFile
0x518160 LockFileEx
0x518164 DeleteCriticalSection
0x518168 GetSystemTimeAsFileTime
0x51816c FormatMessageA
0x518170 QueryPerformanceCounter
0x518174 GetTickCount
0x518178 FlushFileBuffers
0x51817c WriteConsoleW
0x518180 HeapSize
0x518184 SetEnvironmentVariableW
0x518188 FreeEnvironmentStringsW
0x51818c GetEnvironmentStringsW
0x518190 GetCommandLineW
0x518194 GetCommandLineA
0x518198 GetOEMCP
0x51819c GetACP
0x5181a0 IsValidCodePage
0x5181a4 LocalAlloc
0x5181a8 WaitForSingleObject
0x5181ac GetVolumeInformationA
0x5181b0 FindClose
0x5181b4 lstrlenA
0x5181b8 InitializeCriticalSectionEx
0x5181bc FindNextFileA
0x5181c0 GetUserDefaultLocaleName
0x5181c4 TerminateProcess
0x5181c8 WriteFile
0x5181cc GetCurrentProcess
0x5181d0 HeapFree
0x5181d4 FindFirstFileA
0x5181d8 Process32First
0x5181dc GetPrivateProfileSectionNamesA
0x5181e0 SetStdHandle
0x5181e4 HeapReAlloc
0x5181e8 EnumSystemLocalesW
0x5181ec GetUserDefaultLCID
0x5181f0 IsValidLocale
0x5181f4 GetLocaleInfoW
0x5181f8 LCMapStringW
0x5181fc ReadFile
0x518200 CompareStringW
0x518204 GetTimeFormatW
0x518208 GetDateFormatW
0x51820c GetFileSizeEx
0x518210 GetConsoleOutputCP
0x518214 ReadConsoleW
0x518218 GetConsoleMode
0x51821c GetStdHandle
0x518220 GetModuleFileNameW
0x518224 GetModuleHandleExW
0x518228 GetFileType
0x51822c GetModuleFileNameA
0x518230 CreateFileW
0x518234 SetFilePointerEx
0x518238 LoadLibraryExW
0x51823c TlsFree
0x518240 TlsSetValue
0x518244 TlsGetValue
0x518248 TlsAlloc
0x51824c InitializeCriticalSectionAndSpinCount
0x518250 SetLastError
0x518254 RaiseException
0x518258 RtlUnwind
0x51825c InitializeSListHead
0x518260 GetStartupInfoW
0x518264 UnhandledExceptionFilter
0x518268 FindFirstFileW
0x51826c FindFirstFileExW
0x518270 FindNextFileW
0x518274 GetFileAttributesExW
0x518278 GetFinalPathNameByHandleW
0x51827c GetModuleHandleW
0x518280 GetFileInformationByHandleEx
0x518284 GetLocaleInfoEx
0x518288 InitializeSRWLock
0x51828c ReleaseSRWLockExclusive
0x518290 AcquireSRWLockExclusive
0x518294 TryAcquireSRWLockExclusive
0x518298 LCMapStringEx
0x51829c EncodePointer
0x5182a0 DecodePointer
0x5182a4 CompareStringEx
0x5182a8 GetCPInfo
0x5182ac GetStringTypeW
USER32.dll
0x5182dc GetDC
0x5182e0 GetWindowRect
0x5182e4 EnumDisplayDevicesA
0x5182e8 CharNextA
0x5182ec GetSystemMetrics
0x5182f0 GetDesktopWindow
0x5182f4 ReleaseDC
0x5182f8 GetKeyboardLayoutList
0x5182fc wsprintfA
GDI32.dll
0x518038 CreateCompatibleBitmap
0x51803c SelectObject
0x518040 CreateCompatibleDC
0x518044 DeleteObject
0x518048 BitBlt
ADVAPI32.dll
0x518000 SystemFunction036
0x518004 RegOpenKeyExA
0x518008 GetUserNameA
0x51800c RegEnumKeyA
0x518010 RegCloseKey
0x518014 GetCurrentHwProfileA
0x518018 RegQueryValueExA
0x51801c CredEnumerateA
0x518020 RegCreateKeyExA
0x518024 CredFree
0x518028 RegEnumKeyExA
SHELL32.dll
0x5182c8 ShellExecuteA
0x5182cc SHGetFolderPathA
ole32.dll
0x51836c CoInitialize
0x518370 CoUninitialize
0x518374 CoCreateInstance
0x518378 CoInitializeEx
WS2_32.dll
0x518304 WSACleanup
0x518308 closesocket
0x51830c shutdown
0x518310 getaddrinfo
0x518314 WSAStartup
0x518318 WSAGetLastError
0x51831c socket
0x518320 connect
0x518324 recv
0x518328 freeaddrinfo
0x51832c setsockopt
0x518330 send
CRYPT32.dll
0x518030 CryptUnprotectData
SHLWAPI.dll
0x5182d4 PathFindExtensionA
gdiplus.dll
0x518338 GdipAlloc
0x51833c GdiplusStartup
0x518340 GdiplusShutdown
0x518344 GdipCloneImage
0x518348 GdipDisposeImage
0x51834c GdipSaveImageToFile
0x518350 GdipGetImageEncodersSize
0x518354 GdipFree
0x518358 GdipCreateBitmapFromHBITMAP
0x51835c GdipGetImageEncoders
SETUPAPI.dll
0x5182b4 SetupDiGetClassDevsA
0x5182b8 SetupDiEnumDeviceInfo
0x5182bc SetupDiGetDeviceInterfaceDetailA
0x5182c0 SetupDiEnumDeviceInterfaces
ntdll.dll
0x518364 RtlUnicodeStringToAnsiString
EAT(Export Address Table) is none