fickerstealer | 58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.zip
Size

201KB
MD5

53c86f7c343abdcd0a4908386941a88e
SHA1

c24f2d836d5f59bd8e490d1e189625ff6f86d8e9
SHA256

f5f542f8ee99e8d6fd8273cbd8142f5a5d6a1076b25cd6157b12274b81f333da
SHA512

8d0e17c62381277afb15d2309a64e9c68e86bc6f0ecc970c35c3be8d02bb046f1e0804fa57adda9b759d6ead3418aac80afaf6798835ef28d8e2f3aab47240d0
SSDEEP

3072:YmgovmThPArBlUyHiGfCILAP5a5z4Bf0XlJci8rYI4EetmPX9rCKcmuw1HpDH5/W:dg0LHBCezz5X8oFmv9Rb1HdZ1EDwJ4

Score

10^/10

fickerstealer

Malware Config

Extracted

Family

fickerstealer

blogsme.link:8080

Signatures

Fickerstealer family
fickerstealer

Files

58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.zip
.zip

Password: infected
58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.exe
.exe windows x86

Password: infected

4de0536eb25f693290ab642e3e63ef72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
SystemFunction036

crypt32

CryptUnprotectData

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteObject
GetCurrentObject
GetObjectW
SelectObject

kernel32

CloseHandle
CreateDirectoryW
CreateFileA
CreateFileW
CreateMutexA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetComputerNameW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentVariableW
GetFileInformationByHandle
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetTimeZoneInformation
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
OpenProcess
Process32First
Process32Next
ReadFile
ReleaseMutex
RtlCaptureContext
SetFilePointerEx
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
WaitForSingleObjectEx
WriteConsoleW
WriteFile
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

user32

EnumDisplayDevicesW
GetDC
GetDesktopWindow
GetKeyboardLayoutList
GetSystemMetrics
GetWindowRect

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_close
_fmode
_fpreset
_getpid
_initterm
_iob
_lock
_lseek
_onexit
_open
_read
_unlock
_vsnprintf
abort
atoi
bsearch
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
realloc
signal
strcmp
strlen
strncmp
vfprintf

ws2_32

WSACleanup
WSAGetLastError
WSASocketW
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
ioctlsocket
recv
send
setsockopt
shutdown

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

4de0536eb25f693290ab642e3e63ef72

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

gdi32

kernel32

user32

msvcrt

ws2_32

Sections

.text Size: 318KB - Virtual size: 317KB

.data Size: 512B - Virtual size: 76B

.rdata Size: 36KB - Virtual size: 35KB

/4 Size: 30KB - Virtual size: 29KB

.bss Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

.text
Size: 318KB - Virtual size: 317KB

.data
Size: 512B - Virtual size: 76B

.rdata
Size: 36KB - Virtual size: 35KB

/4
Size: 30KB - Virtual size: 29KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B