Report - 66d97993e0460_stealc_w9.vmp.exe#kis9

Generic Malware Malicious Library UPX PE File PE32
Created 2024.09.06 14:23 Machine s1_win7_x6403
Filename 66d97993e0460_stealc_w9.vmp.exe#kis9
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 2.2
ZERO API file : malware
VT API (file) 51 detected (AIDetectMalware, Stealerc, malicious, high confidence, score, @FW@amO@gjh, Unsafe, Vcfi, Attribute, HighConfidence, VMProtect, BC suspicious, ClipBanker, CLOUD, XPACK, DownLoader47, PRIVATELOADER, YXEIEZ, Real Protect, high, Static AI, Malicious PE, Detected, ai score=85, HeurC, KVMH008, Stealc, Sabsik, ABTrojan, YZNZ, susgen, confidence, Wacatac, B9nj)
md5 a79fa370fdeecbb187f96558a76534b5
sha256 8ed135aff12b760792f13be121120dcbedad95c2f927289bcb8ae73bc338bda1
ssdeep 98304:IYoAuF1fQ3n7n3BmGl8oVXDZohuHmnyUh5isqtApCnVR1/nwP9oZwUz:IYJ4S3n73vlJFeuHmrO3tApCVvnwiZw
imphash 8d68186df0a20a2b7e0a3ae81636b7e7
impfuzzy 96:j/W3qVSBv1kztcfMzK01AXJ4Zcp+AjGt0+lRYE:j/WaVS2qZ4Dz

Signature (4cnts)

Level Description
danger File has been identified by 51 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is likely packed with VMProtect
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x8a1000 strncpy
 0x8a1004 ??_V@YAXPAX@Z
 0x8a1008 memchr
 0x8a100c ??_U@YAPAXI@Z
 0x8a1010 strtok
 0x8a1014 strtok_s
 0x8a1018 strcpy_s
 0x8a101c vsprintf_s
 0x8a1020 memmove
 0x8a1024 strlen
 0x8a1028 malloc
 0x8a102c free
 0x8a1030 memcmp
 0x8a1034 ??2@YAPAXI@Z
 0x8a1038 memset
 0x8a103c memcpy
 0x8a1040 __CxxFrameHandler3
KERNEL32.dll
 0x8a1048 InitializeCriticalSectionAndSpinCount
 0x8a104c WideCharToMultiByte
 0x8a1050 RaiseException
 0x8a1054 GetStringTypeW
 0x8a1058 MultiByteToWideChar
 0x8a105c LCMapStringW
 0x8a1060 IsValidCodePage
 0x8a1064 lstrlenA
 0x8a1068 HeapAlloc
 0x8a106c GetProcessHeap
 0x8a1070 VirtualProtect
 0x8a1074 VirtualQueryEx
 0x8a1078 OpenProcess
 0x8a107c ReadProcessMemory
 0x8a1080 WriteFile
 0x8a1084 GetOEMCP
 0x8a1088 GetACP
 0x8a108c UnhandledExceptionFilter
 0x8a1090 SetUnhandledExceptionFilter
 0x8a1094 IsDebuggerPresent
 0x8a1098 EncodePointer
 0x8a109c DecodePointer
 0x8a10a0 TerminateProcess
 0x8a10a4 GetCurrentProcess
 0x8a10a8 LeaveCriticalSection
 0x8a10ac EnterCriticalSection
 0x8a10b0 RtlUnwind
 0x8a10b4 GetProcAddress
 0x8a10b8 GetModuleHandleW
 0x8a10bc ExitProcess
 0x8a10c0 Sleep
 0x8a10c4 GetStdHandle
 0x8a10c8 GetModuleFileNameW
 0x8a10cc GetLastError
 0x8a10d0 LoadLibraryW
 0x8a10d4 TlsGetValue
 0x8a10d8 TlsSetValue
 0x8a10dc InterlockedIncrement
 0x8a10e0 SetLastError
 0x8a10e4 GetCurrentThreadId
 0x8a10e8 InterlockedDecrement
 0x8a10ec GetCPInfo
KERNEL32.dll
 0x8a10f4 GetSystemTimeAsFileTime
 0x8a10f8 CreateEventA
 0x8a10fc GetModuleHandleA
 0x8a1100 TerminateProcess
 0x8a1104 GetCurrentProcess
 0x8a1108 CreateToolhelp32Snapshot
 0x8a110c Thread32First
 0x8a1110 GetCurrentProcessId
 0x8a1114 GetCurrentThreadId
 0x8a1118 OpenThread
 0x8a111c Thread32Next
 0x8a1120 CloseHandle
 0x8a1124 SuspendThread
 0x8a1128 ResumeThread
 0x8a112c WriteProcessMemory
 0x8a1130 GetSystemInfo
 0x8a1134 VirtualAlloc
 0x8a1138 VirtualProtect
 0x8a113c VirtualFree
 0x8a1140 GetProcessAffinityMask
 0x8a1144 SetProcessAffinityMask
 0x8a1148 GetCurrentThread
 0x8a114c SetThreadAffinityMask
 0x8a1150 Sleep
 0x8a1154 LoadLibraryA
 0x8a1158 FreeLibrary
 0x8a115c GetTickCount
 0x8a1160 SystemTimeToFileTime
 0x8a1164 FileTimeToSystemTime
 0x8a1168 GlobalFree
 0x8a116c HeapAlloc
 0x8a1170 HeapFree
 0x8a1174 GetProcAddress
 0x8a1178 ExitProcess
 0x8a117c EnterCriticalSection
 0x8a1180 LeaveCriticalSection
 0x8a1184 InitializeCriticalSection
 0x8a1188 DeleteCriticalSection
 0x8a118c MultiByteToWideChar
 0x8a1190 GetModuleHandleW
 0x8a1194 LoadResource
 0x8a1198 FindResourceExW
 0x8a119c FindResourceExA
 0x8a11a0 WideCharToMultiByte
 0x8a11a4 GetThreadLocale
 0x8a11a8 GetUserDefaultLCID
 0x8a11ac GetSystemDefaultLCID
 0x8a11b0 EnumResourceNamesA
 0x8a11b4 EnumResourceNamesW
 0x8a11b8 EnumResourceLanguagesA
 0x8a11bc EnumResourceLanguagesW
 0x8a11c0 EnumResourceTypesA
 0x8a11c4 EnumResourceTypesW
 0x8a11c8 CreateFileW
 0x8a11cc LoadLibraryW
 0x8a11d0 GetLastError
 0x8a11d4 GetCommandLineA
 0x8a11d8 GetCPInfo
 0x8a11dc InterlockedIncrement
 0x8a11e0 InterlockedDecrement
 0x8a11e4 GetACP
 0x8a11e8 GetOEMCP
 0x8a11ec IsValidCodePage
 0x8a11f0 TlsGetValue
 0x8a11f4 TlsAlloc
 0x8a11f8 TlsSetValue
 0x8a11fc TlsFree
 0x8a1200 SetLastError
 0x8a1204 UnhandledExceptionFilter
 0x8a1208 SetUnhandledExceptionFilter
 0x8a120c IsDebuggerPresent
 0x8a1210 RaiseException
 0x8a1214 LCMapStringA
 0x8a1218 LCMapStringW
 0x8a121c SetHandleCount
 0x8a1220 GetStdHandle
 0x8a1224 GetFileType
 0x8a1228 GetStartupInfoA
 0x8a122c GetModuleFileNameA
 0x8a1230 FreeEnvironmentStringsA
 0x8a1234 GetEnvironmentStrings
 0x8a1238 FreeEnvironmentStringsW
 0x8a123c GetEnvironmentStringsW
 0x8a1240 HeapCreate
 0x8a1244 HeapDestroy
 0x8a1248 QueryPerformanceCounter
 0x8a124c HeapReAlloc
 0x8a1250 GetStringTypeA
 0x8a1254 GetStringTypeW
 0x8a1258 GetLocaleInfoA
 0x8a125c HeapSize
 0x8a1260 WriteFile
 0x8a1264 RtlUnwind
 0x8a1268 SetFilePointer
 0x8a126c GetConsoleCP
 0x8a1270 GetConsoleMode
 0x8a1274 InitializeCriticalSectionAndSpinCount
 0x8a1278 SetStdHandle
 0x8a127c WriteConsoleA
 0x8a1280 GetConsoleOutputCP
 0x8a1284 WriteConsoleW
 0x8a1288 CreateFileA
 0x8a128c FlushFileBuffers
 0x8a1290 VirtualQuery

EAT(Export Address Table) is none
