c:\Users\a.klaus\Desktop\Acid_Burn & BlaXx Version\release\Codesoft-PW_Stealer_Server.pdb
Static task: static1
Behavioral task: behavioral1
Sample: deec841c9662b5ec254f0b96cd45f974.exe
Resource: win7-20240319-en
Behavioral task: behavioral2
Sample: deec841c9662b5ec254f0b96cd45f974.exe
Resource: win10v2004-20240226-en
General
Target: deec841c9662b5ec254f0b96cd45f974
Size: 728KB
MD5: deec841c9662b5ec254f0b96cd45f974
SHA1: 9c73be78b90b6f75cf1b2d0d831b3e8bf79ea622
SHA256: d038f18fba922cdb4208914aebce4d2621eb3640ce5d985287ff973d3b4d73d4
SHA512: 3d423f63a6fba64acfa6400be1048690270824ca29909e0b1b2c5e90655515b73a8075c47fa178818e64ee390e8a0d60dad639eab11bec778435fd404a62b4c1
SSDEEP: 12288:lifmLOgLN70/IG7CqF38Q3s3aFiwLVqGzzCxuUKo1nWjhStiSbUccDUIwsrKm1:4OLOYW7CqF38qfpzeuUKtYcwUccUm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource deec841c9662b5ec254f0b96cd45f974
Files
deec841c9662b5ec254f0b96cd45f974.exe windows:4 windows x86 arch:x86
68831fd38d4eb26788a4c40e7c266815
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindFirstFileA
FindNextFileA
CreateFileA
WriteFile
CloseHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemTime
lstrlenA
GetEnvironmentVariableA
GetShortPathNameA
lstrcpyA
GetTempPathA
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
VirtualAlloc
VirtualProtect
ExitProcess
lstrcmpA
Process32First
Module32First
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
Module32Next
CreateMutexA
GetModuleFileNameA
CopyFileA
GetLastError
lstrcatA
Sleep
HeapAlloc
GetComputerNameA
SetEndOfFile
GetLocaleInfoW
CreateFileW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
DeleteFileA
GetModuleFileNameW
GetCommandLineA
GetVersionExA
GetStartupInfoA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
HeapReAlloc
HeapDestroy
HeapCreate
GetACP
GetOEMCP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
IsValidCodePage
advapi32
RegQueryValueA
OpenProcessToken
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
GetUserNameA
shell32
ShellExecuteA
SHGetFolderPathA
shlwapi
PathUnquoteSpacesA
PathRemoveArgsA
wininet
FtpPutFileA
FtpSetCurrentDirectoryA
InternetOpenA
InternetCloseHandle
InternetConnectA
Sections
.text Size: 284KB - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 316KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ