Static task: static1
Behavioral task: behavioral1
  Sample: fd8a87bfda9300d44895d596b6b1d7a6c5572e459d0a5b94b54e8b2f1c1c7ade.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fd8a87bfda9300d44895d596b6b1d7a6c5572e459d0a5b94b54e8b2f1c1c7ade.exe
  Resource: win10v2004-20240226-en
General
Target: fd8a87bfda9300d44895d596b6b1d7a6c5572e459d0a5b94b54e8b2f1c1c7ade
Size: 2.6MB
MD5: f834969d2fd09e8447ac66510a9a5099
SHA1: e7eefd2fcb458290a86ea908426c775e4f36a387
SHA256: fd8a87bfda9300d44895d596b6b1d7a6c5572e459d0a5b94b54e8b2f1c1c7ade
SHA512: d724ddf73ed1df393bdd41dcbe011c4bbca6890f32cc0c0c8a2abace984466c0bfe6a782d400be11325f3382a341abf2a37cb3c853c95e9908157b30bf34b588
SSDEEP: 49152:QAgzqnwE6xcqHitVTxFH3kKaFALbpEWvfuc84+sp22lfnVVEtZSWT:QDfHQ/NtLbpEI2Uv7dMtZv
Malware Config
Signatures
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. (1 IoC)
  resource: sample; yara_rule: INDICATOR_SUSPICIOUS_Binary_References_Browsers
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers. (1 IoC)
  resource: sample; yara_rule: INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: fd8a87bfda9300d44895d596b6b1d7a6c5572e459d0a5b94b54e8b2f1c1c7ade
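The two INDICATOR_SUSPICIOUS_* hits above fire on the same idea: a binary whose strings name many distinct browsers, or many distinct credential stores, is suspicious regardless of what else it does. The following is an added example, not the report's tooling and not the actual YARA rules (whose string sets and thresholds are the rule author's): it counts how many indicator terms appear in a blob as ASCII or UTF-16LE, using illustrative term lists and thresholds of my own, and runs over a constructed byte string rather than the real sample.

```python
"""Count browser / credential-store name references in a binary blob.

Added example. Not the sandbox's tooling and not the real
INDICATOR_SUSPICIOUS_* YARA rules: it mimics their approach (many distinct
product or data-store names present as ASCII or UTF-16LE strings) with
illustrative term lists and thresholds chosen here.
"""
from typing import Dict, List

# Illustrative lists (assumption: not the rules' own string sets).
BROWSERS: List[str] = [
    "Chrome", "Firefox", "Opera", "Edge", "Brave", "Vivaldi", "Chromium",
    "Yandex", "Safari", "Thunderbird",
]
DATA_STORES: List[str] = [
    "Login Data", "Web Data", "Cookies", "Local State", "logins.json",
    "key4.db", "signons.sqlite", "wallet.dat",
]


def count_references(blob: bytes, terms: List[str]) -> Dict[str, int]:
    """Return {term: occurrences} for terms found as ASCII or UTF-16LE.

    Matching is case-insensitive. bytes.lower() folds only ASCII letters, and
    in UTF-16LE each ASCII letter is that byte followed by 0x00, so a single
    lower-cased copy of the blob serves both encodings.
    """
    low = blob.lower()
    found: Dict[str, int] = {}
    for term in terms:
        t = term.lower()
        n = low.count(t.encode("ascii")) + low.count(t.encode("utf-16-le"))
        if n:
            found[term] = n
    return found


def classify(blob: bytes, min_browsers: int = 4, min_stores: int = 3) -> Dict[str, object]:
    """Apply 'at least N distinct terms' thresholds, as such rules typically do."""
    browsers = count_references(blob, BROWSERS)
    stores = count_references(blob, DATA_STORES)
    return {
        "browsers": browsers,
        "data_stores": stores,
        "references_browsers": len(browsers) >= min_browsers,
        "references_data_stores": len(stores) >= min_stores,
    }


def constructed_sample() -> bytes:
    """Constructed stand-in for a binary's strings area (not the real sample)."""
    ascii_part = b"\x00\x90" * 16
    ascii_part += b"Google\\Chrome\\User Data\\Default\\Login Data\x00"
    ascii_part += b"Mozilla\\Firefox\\Profiles\x00logins.json\x00key4.db\x00"
    wide_part = "Opera Software\\Opera Stable\\Cookies".encode("utf-16-le")
    wide_part += "\\BraveSoftware\\Brave-Browser\\".encode("utf-16-le")
    return ascii_part + b"\xcc" * 8 + wide_part + b"\x00" * 16


if __name__ == "__main__":
    for key, value in classify(constructed_sample()).items():
        print(f"{key}: {value}")
```

The thresholds are the tuning knob: set them too low and browsers, password managers and backup tools trip the rule; too high and a stealer that targets only two or three products slips through. Strings found this way are also only a lead; a packed or string-encrypted sample shows none of them until it is unpacked or dumped from memory.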
Files
-
fd8a87bfda9300d44895d596b6b1d7a6c5572e459d0a5b94b54e8b2f1c1c7ade.exe windows:4 windows x86 arch:x86
fa24687109c0b1a770021c8291b204a0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
wcsncmp
wcscmp
memmove
wcslen
wcscpy
wcscat
strlen
sprintf
malloc
free
_wstat
_wcsdup
strcmp
memcpy
_CIcos
_CIpow
_wfopen
_setjmp3
fclose
longjmp
strncpy
strcpy
_wcsicmp
tolower
floor
toupper
strstr
wcsncpy
_snwprintf
localtime
mktime
_wcsnicmp
_itow
gmtime
fseek
ftell
fread
pow
??3@YAXPAX@Z
wcsstr
_isnan
_close
calloc
_lseeki64
_errno
realloc
_snprintf
abort
_wopen
_setmode
exit
wcschr
_open_osfhandle
_strdup
setlocale
strrchr
strncmp
wctomb
_get_osfhandle
_open
mbstowcs
strchr
__p__iob
fprintf
fwrite
fflush
ferror
getenv
sscanf
strtol
strtoul
strerror
qsort
fopen
fputs
strpbrk
_access
_read
_write
atoi
memchr
fputc
fgets
strspn
strcspn
isupper
_msize
_beginthreadex
_endthreadex
_stati64
time
_ftime
_vsnwprintf
cos
fmod
sin
abs
ceil
kernel32
GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
SetErrorMode
GetFileAttributesW
GetLastError
SetLastError
GetBinaryTypeW
GetTickCount
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
GetLogicalDrives
GetDriveTypeW
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateThread
GetEnvironmentVariableW
SetEnvironmentVariableW
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
PeekNamedPipe
ReadFile
HeapReAlloc
WriteFile
CreateFileW
GetFileSize
DeleteFileW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
FreeLibrary
MultiByteToWideChar
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo
GlobalMemoryStatusEx
GetVersionExW
SetFilePointer
WideCharToMultiByte
MulDiv
GetTempPathW
FindFirstFileW
FindClose
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
CopyFileW
GetLocalTime
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
GetFileSizeEx
AreFileApisANSI
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileA
FlushFileBuffers
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesExW
GetFullPathNameA
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetVersionExA
HeapValidate
HeapCompact
LocalFree
LockFile
LockFileEx
MapViewOfFile
SetEndOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
TryEnterCriticalSection
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject
user32
SetWindowsHookExW
GetDesktopWindow
GetDC
ReleaseDC
GetForegroundWindow
GetWindowTextW
GetLastInputInfo
GetWindowTextLengthW
GetAsyncKeyState
GetKeyState
CallNextHookEx
GetWindow
SetActiveWindow
SendMessageW
DestroyWindow
DestroyIcon
LoadIconW
LoadCursorW
GetPropW
RegisterClassW
AdjustWindowRectEx
CreateWindowExW
SetPropW
ShowWindow
UnregisterClassW
CreateAcceleratorTableW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefFrameProcW
DefWindowProcW
GetParent
SetFocus
GetFocus
RemovePropW
DestroyAcceleratorTable
SetRect
GetWindowLongW
EnumChildWindows
PostMessageW
GetWindowRect
GetSystemMetrics
SetWindowPos
IsWindowEnabled
IsWindowVisible
GetWindowThreadProcessId
GetClassNameW
IsChild
SystemParametersInfoW
CallWindowProcW
SetWindowLongW
RegisterWindowMessageW
EnumDisplaySettingsW
FillRect
CharLowerW
GetIconInfo
DrawIconEx
gdi32
BitBlt
DeleteObject
GetDeviceCaps
GetStockObject
CreateFontIndirectW
CreateDCW
DeleteDC
GetObjectType
GetObjectW
CreateCompatibleDC
SelectObject
CreateSolidBrush
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
GetTextExtentPoint32W
SetBkMode
SetTextAlign
SetBkColor
SetTextColor
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetTextMetricsW
CreateCompatibleBitmap
GetPixel
advapi32
RegCreateKeyW
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
ole32
RevokeDragDrop
CoTaskMemFree
shell32
ord680
ShellExecuteW
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
ws2_32
closesocket
WSACleanup
WSAStartup
gethostname
send
sendto
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recvfrom
recv
WSAGetLastError
ntohs
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
WSAIoctl
getaddrinfo
freeaddrinfo
htonl
listen
accept
ntohl
crypt32
CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertGetNameStringA
winmm
timeBeginPeriod
psapi
GetProcessMemoryInfo
gdiplus
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY
comctl32
InitCommonControlsEx
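Read as a whole, the import table above clusters into recognisable capabilities: a keyboard hook (SetWindowsHookExW, CallNextHookEx) plus key-state polling, foreground-window title reads, a GDI screen-capture chain (GetDesktopWindow, GetDC, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt, GetDIBits), Toolhelp process enumeration, child processes with pipes, drive and directory walks, registry writes, service status queries, Winsock client and listener calls, and certificate-store access. The script below is an added example, not tooling from the report: it parses the flat module/API listing used above and tags it with capability clusters that are my own heuristic groupings. It runs on a constructed excerpt of this import table, and an import only proves the API is reachable, not that it is called.

```python
"""Tag a PE import list with coarse capability clusters for triage.

Added example, not tooling from the sandbox report. The clusters below are
heuristic groupings of Win32 APIs chosen here (assumption: they are not a
published taxonomy). An import proves the API is available to the program,
not that it is used, so treat tags as leads for the behavioral run.
"""
from typing import Dict, List, Set

# A tag fires when every API in its set is imported (importing module ignored).
CAPABILITIES: Dict[str, Set[str]] = {
    "keyboard_hook":       {"SetWindowsHookExW", "CallNextHookEx"},
    "key_state_polling":   {"GetAsyncKeyState", "GetKeyState"},
    "active_window_title": {"GetForegroundWindow", "GetWindowTextW"},
    "screen_capture":      {"GetDesktopWindow", "GetDC", "CreateCompatibleDC",
                            "CreateCompatibleBitmap", "BitBlt", "GetDIBits"},
    "process_enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW",
                            "Process32NextW"},
    "child_process_pipes": {"CreateProcessW", "CreatePipe", "PeekNamedPipe",
                            "ReadFile"},
    "drive_and_file_walk": {"GetLogicalDrives", "GetDriveTypeW",
                            "FindFirstFileW", "FindNextFileW"},
    "registry_write":      {"RegCreateKeyW", "RegSetValueExW"},
    "service_status":      {"OpenSCManagerW", "OpenServiceW",
                            "QueryServiceStatus"},
    "tcp_client":          {"WSAStartup", "socket", "connect", "send", "recv"},
    "tcp_listener":        {"bind", "listen", "accept"},
    "cert_store_access":   {"CertOpenStore", "CertEnumCertificatesInStore"},
    "dynamic_api_resolve": {"LoadLibraryW", "GetProcAddress"},
    "idle_detection":      {"GetLastInputInfo"},
}

# Module names exactly as the report's listing prints them.
MODULES: Set[str] = {"msvcrt", "kernel32", "user32", "gdi32", "advapi32",
                     "ole32", "shell32", "ws2_32", "crypt32", "winmm", "psapi",
                     "gdiplus", "comctl32"}


def parse_import_listing(text: str) -> Dict[str, List[str]]:
    """Parse the flat listing: a module-name line, then one API per line."""
    imports: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in MODULES:          # a new module block starts here
            current = line.lower()
            imports.setdefault(current, [])
        elif current is not None:
            imports[current].append(line)
    return imports


def tag_imports(imports: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """Return {tag: APIs} for every cluster whose APIs are all imported."""
    flat = {api for apis in imports.values() for api in apis}
    return {tag: apis for tag, apis in CAPABILITIES.items() if apis <= flat}


# Constructed excerpt of the import table above (a subset, same layout).
REPORT_EXCERPT = """\
kernel32
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LoadLibraryW
GetProcAddress
CreateProcessW
CreatePipe
PeekNamedPipe
ReadFile
user32
SetWindowsHookExW
CallNextHookEx
GetAsyncKeyState
GetKeyState
GetForegroundWindow
GetWindowTextW
GetLastInputInfo
GetDesktopWindow
GetDC
gdi32
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
ws2_32
WSAStartup
socket
connect
send
recv
bind
listen
accept
"""

if __name__ == "__main__":
    tags = tag_imports(parse_import_listing(REPORT_EXCERPT))
    for tag in sorted(tags):
        print(f"{tag:22s} {sorted(tags[tag])}")
```

Two caveats when reading the output. First, a missing tag is weak evidence: this sample imports LoadLibraryW and GetProcAddress, so any API can be resolved at run time without appearing in the table. Second, the static table says nothing about order or arguments; the hook type passed to SetWindowsHookExW and the target of connect() are what the behavioral tasks exist to capture.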
Sections
.code   Size: 59KB   Virtual size: 58KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.text   Size: 1.3MB  Virtual size: 1.3MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 154KB  Virtual size: 154KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 1.1MB  Virtual size: 1.1MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
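The Headers, Sections and "Unsigned PE" items above all come straight from the PE headers: the IMAGE_FILE_* bits are the COFF Characteristics word, the IMAGE_SCN_* bits are each section's Characteristics field, and "missing Authenticode signature" means the security data directory (index 4) is empty. The reader below is an added example, not the sandbox's parser: it decodes exactly those three things, on a constructed 32-bit PE header image rather than the real sample, and additionally flags any section that is both writable and executable (none of the four sections above is).

```python
"""Minimal PE header reader: file characteristics, Authenticode directory,
section flags.

Added example, not the sandbox's own parser. It reads only the fields needed
to reproduce three items of the report: the IMAGE_FILE_* characteristics,
the "Unsigned PE" check (empty IMAGE_DIRECTORY_ENTRY_SECURITY) and the
IMAGE_SCN_* section flags. The PE image it runs on is constructed inline
and is not the analysed sample.
"""
import struct
from typing import Dict, List

FILE_CHARACTERISTICS: Dict[int, str] = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS: Dict[int, str] = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def flag_names(value: int, table: Dict[int, str]) -> List[str]:
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    # The security directory holds a file offset (not an RVA) and the size of
    # the WIN_CERTIFICATE blob. Both zero means no embedded Authenticode
    # signature; non-zero only means one is attached, validity needs
    # WinVerifyTrust.
    sig_off = sig_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sig_off, sig_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sec_tbl = opt + opt_size                 # section table follows the optional header
    for i in range(nsec):
        name, vsize, _va, rawsize, _ptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_tbl + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": flag_names(sc, SECTION_CHARACTERISTICS),
            # writable + executable is the classic packer / self-modifying tell
            "wx": bool(sc & 0x80000000) and bool(sc & 0x20000000),
        })
    return {
        "machine": machine,
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "authenticode_present": sig_off != 0 and sig_size != 0,
        "sections": sections,
    }


def build_minimal_pe(with_signature: bool) -> bytes:
    """Constructed 32-bit PE header image (not the real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    # Characteristics 0x010F = the five IMAGE_FILE_* flags the report lists
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    if with_signature:
        struct.pack_into("<II", opt, 96 + 8 * 4, 0x3000, 0x800)
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x1000, 0x400,
                       0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 0x1000, 0x2000, 0x1000, 0x1400,
                        0, 0, 0, 0, 0xC0000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    for key, value in parse_pe(build_minimal_pe(False)).items():
        print(f"{key}: {value}")
```

Two things the "Unsigned PE" signature cannot tell you: a file signed only through a Windows catalog carries no embedded certificate and reports exactly like an unsigned one, and an attached signature that is present is not yet a valid one, so treat authenticode_present as the sandbox does, a quick screen, not trust.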