metastealer | 5e5cc4f42c7d5481db280b28d1227568c17ed8cc4208970b7a963a4f30c7cc83[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

5e5cc4f42c7d5481db280b28d1227568c17ed8cc4208970b7a963a4f30c7cc83.dll
Size

12.0MB
MD5

4bc78fc4c71bac76371b60c3c4821476
SHA1

105535d978544d85f8d61d20080905d95e1b35dd
SHA256

5e5cc4f42c7d5481db280b28d1227568c17ed8cc4208970b7a963a4f30c7cc83
SHA512

58eef4b4c37c0c3d032d71540c8537a19e9c3f95566c1e3f210aaab9fd0420871b0fa19c4e0438d573ac79839e7dc4a9c29a3a565072f72a17079a39cdd9c449
SSDEEP

196608:GkznuHSSwHM+AvSaB1HD0fYcSXzgvSJ2RsXx/LVjuMPUwKDbSbp08:s/cAzgvS82LVaKUwAbSbp08

Score

10^/10

metastealer

Malware Config

Signatures

MetaStealer payload 1 IoCs

resource	yara_rule
sample	family_metastealer

Metastealer family
metastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e5cc4f42c7d5481db280b28d1227568c17ed8cc4208970b7a963a4f30c7cc83.dll

Files

5e5cc4f42c7d5481db280b28d1227568c17ed8cc4208970b7a963a4f30c7cc83.dll
.dll windows:6 windows x86

d4deb44ab0b5fd52647dbb14ee6ea66b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertOpenSystemStoreW
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptUnprotectData
CryptProtectData
CertOpenStore

gdiplus

GdipCreateBitmapFromHBITMAP
GdipFree
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipAlloc

shlwapi

ord12

wininet

InternetSetOptionW

kernel32

QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetLastError
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetModuleHandleA
IsBadReadPtr
GetEnvironmentVariableW
GetDriveTypeW
GetLogicalDriveStringsW
CreatePipe
PeekNamedPipe
GetCurrentProcess
ExitProcess
TerminateProcess
GetExitCodeProcess
CreateRemoteThread
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
OpenProcess
GetWindowsDirectoryW
GetProductInfo
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
GetTickCount
K32GetModuleFileNameExW
SetStdHandle
GetTempFileNameA
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
QueryPerformanceFrequency
GetModuleFileNameA
GetModuleHandleExA
GetFileAttributesExA
FindClose
FindNextFileA
SetEvent
ResetEvent
CreateEventA
GetCurrentThread
GetThreadTimes
WaitForThreadpoolTimerCallbacks
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
ResumeThread
ExitThread
CreateTimerQueue
GetVersionExW
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitializeCriticalSectionEx
InitOnceComplete
InitOnceBeginInitialize
GetFileInformationByHandleEx
MoveFileExW
CopyFileW
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileInformationByHandle
FindNextFileW
FindFirstFileExW
FindFirstFileW
CreateDirectoryW
GetCurrentDirectoryW
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
SwitchToThread
RegisterWaitForSingleObject
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesW
CloseThreadpoolTimer
CreateThreadpoolWait
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
GetModuleFileNameW
GetLocaleInfoEx
GetStartupInfoW
IsDebuggerPresent
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
InitializeSListHead
GetModuleHandleW
CreateEventW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
CreateFileMappingA
SetThreadpoolWait
CloseThreadpoolWait
EncodePointer
DecodePointer
LoadLibraryExW
FreeLibraryAndExitThread
LCMapStringEx
GetCPInfo
RaiseException
LoadLibraryExA
RtlUnwind
VirtualQuery
CreateThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindFirstFileA
GetStdHandle
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
CompareStringEx

ws2_32

send
select
ntohs
__WSAFDIsSet
closesocket
connect
ioctlsocket
getpeername
recv
setsockopt
WSASetLastError
inet_pton
getnameinfo
freeaddrinfo
getaddrinfo
WSASocketW
WSAGetLastError
WSACleanup
WSAStartup
socket
shutdown
getsockopt

user32

SetWindowsHookExW
UnhookWindowsHook
SetWindowsHookA
GetWindow
GetWindowThreadProcessId
GetTopWindow
FindWindowW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
PtInRect
ChildWindowFromPoint
WindowFromPoint
GetProcessWindowStation
GetCursorPos
GetWindowRect
ReleaseDC
GetDC
UnhookWindowsHookEx
MenuItemFromPoint
IsWindowEnabled
GetKeyState
GetDlgItem
IsWindowVisible
GetWindowPlacement
MoveWindow
PrintWindow
PostMessageW
SendMessageW
SendMessageA
PeekMessageW
DispatchMessageW
TranslateMessage
CloseDesktop
SetThreadDesktop
OpenDesktopW
CreateDesktopW
GetUserObjectInformationW
EnumDisplaySettingsW
CallNextHookEx
MessageBoxA
SetProcessDPIAware
GetForegroundWindow
RealGetWindowClassW
ScreenToClient

gdi32

SetStretchBltMode
StretchBlt
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

StgCreateDocfile
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
VariantInit
SysStringLen
SysFreeString
OleCreatePropertyFrame
SysAllocString

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegDeleteTreeW
GetUserNameW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW

bcrypt

BCryptGenRandom

Exports

Exports

TLSDataStart

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 250KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4deb44ab0b5fd52647dbb14ee6ea66b

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

gdiplus

shlwapi

wininet

kernel32

ws2_32

user32

gdi32

shell32

ole32

oleaut32

advapi32

bcrypt

Exports

Exports

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.data Size: 250KB - Virtual size: 256KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 216KB

.text
Size: 5.0MB - Virtual size: 5.0MB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.data
Size: 250KB - Virtual size: 256KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 216KB