pandastealer | b59f27dedadd616a884740a63e360bd8484f75db0e6c90b199b5c15c5a10d85b | Triage

Sharing

General

Target

b59f27dedadd616a884740a63e360bd8484f75db0e6c90b199b5c15c5a10d85b
Size

1.9MB
MD5

d75d016964ffb38a1786645747f81a12
SHA1

8b792fcb8d1c2960180b427c4fc7c2d2e2e2f000
SHA256

b59f27dedadd616a884740a63e360bd8484f75db0e6c90b199b5c15c5a10d85b
SHA512

ad755146867b79d1e75ea09a2ccb990b5f8f3b80303a4811b53632a7fbd0e55826c863406d1c49f324ec7ce58e0e855f24f7b202cb3e515077482ee526745653

Score

10^/10

vmprotect pandastealer

Malware Config

Signatures

Panda Stealer Payload 1 IoCs

Processes:

resource yara_rule

sample family_pandastealer
Pandastealer family
pandastealer
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

b59f27dedadd616a884740a63e360bd8484f75db0e6c90b199b5c15c5a10d85b
.exe windows x86

4a5adff14edc11385208503c8557daad

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
FindFirstFileExW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffW

gdi32

DeleteObject

shlwapi

PathFindExtensionA

gdiplus

GdipGetImageEncoders

wininet

InternetReadFile

Sections

.text
Size: - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 862KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ