rust-stealer-xss[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rust-stealer-xss.exe
Size

5.3MB
MD5

f9cb98e736f1dec957a7f479b00b9f8e
SHA1

417f39bb1f12b985225eddaeb6d2fa3c1f87453d
SHA256

a1777a0d3f86e3e084a3a303e1cc8c09486e08663371e5a14ff7c4d42b416b9c
SHA512

0389be3b893e0130535e8dfa32cd30543d9293692d18dd5c7b805b98a5e54dd2bdea7eda11c82a2062d35aeb213c7089daeda540b3579dc19f9ab1242e81023a
SSDEEP

49152:llgmndyccQK+nqL6C49gBoVvdP6IfzH/WJc5NvYcYSenSr01aQeCzjURY+57doNz:lT7WoVvdPfQpPxDJDFAKY0KRVDGrC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rust-stealer-xss.exe

Files

rust-stealer-xss.exe
.exe windows:6 windows x64 arch:x64

440ae70086ec55b7e18789fb73e4304b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx

kernel32

WakeConditionVariable
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
SetFilePointerEx
FindNextFileW
GetFileInformationByHandle
FindFirstFileW
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
GetExitCodeProcess
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
CreateMutexA
LoadLibraryExW
LoadLibraryA
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
CopyFileExW
PostQueuedCompletionStatus
GetFinalPathNameByHandleW
SetLastError
SleepConditionVariableSRW
WakeAllConditionVariable
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
SwitchToThread
SetFileInformationByHandle
GetModuleFileNameW
CreateFileW
AcquireSRWLockExclusive
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeSListHead
HeapReAlloc
GetProcessHeap
WaitForSingleObject
HeapAlloc
GetLastError
SetThreadStackGuarantee
CancelIo
IsDebuggerPresent
AddVectoredExceptionHandler
CloseHandle
FindClose
HeapFree
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateDirectoryW
WaitForSingleObjectEx

oleaut32

SafeArrayDestroy
SysAllocStringLen
SysFreeString
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
VariantClear

ws2_32

accept
WSAIoctl
getsockopt
connect
ioctlsocket
shutdown
listen
socket
bind
WSAGetLastError
getpeername
WSASend
closesocket
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
select
recv
getsockname
WSASocketW
send

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CryptUnprotectData
CertDuplicateCertificateChain
CertAddCertificateContextToStore

advapi32

RegOpenKeyExW
SystemFunction036
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW

user32

GetMonitorInfoW
EnumDisplayMonitors
EnumDisplaySettingsExW

bcrypt

BCryptGenRandom

secur32

AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
AcquireCredentialsHandleA
QueryContextAttributesW
FreeCredentialsHandle
DeleteSecurityContext
DecryptMessage
ApplyControlToken
EncryptMessage

rstrtmgr

RmGetList
RmRegisterResources
RmStartSession

gdi32

GetObjectW
DeleteObject
CreateDCW
GetDeviceCaps
DeleteDC
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

api-ms-win-crt-math-l1-1-0

powf
truncf
exp2f
roundf
_dclass
log
ceil
pow
__setusermatherr

api-ms-win-crt-string-l1-1-0

strncmp
strcspn
strcpy_s
strcmp
strlen
wcsncmp

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc
_set_new_mode
_msize

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_seh_filter_exe
_initterm_e
exit
_exit
_endthreadex
_crt_atexit
__p___argc
__p___argv
_cexit
_c_exit
_register_onexit_function
_initialize_onexit_table
terminate
_register_thread_local_exe_atexit_callback
_initterm
_beginthreadex
abort

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

440ae70086ec55b7e18789fb73e4304b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

oleaut32

ws2_32

crypt32

advapi32

user32

bcrypt

secur32

rstrtmgr

gdi32

ole32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 24KB - Virtual size: 27KB

.pdata Size: 81KB - Virtual size: 81KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 24KB - Virtual size: 27KB

.pdata
Size: 81KB - Virtual size: 81KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 34KB - Virtual size: 34KB