steal (4)[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

steal (4).dll
Size

270KB
MD5

51cc5087b46e59509aec22477c87bb8b
SHA1

872cc19a77a6780651093717ba074fd2c75c923e
SHA256

ccfdab295758a99f7d527fe752ee280ed5fc1d3d6d8417166ee94710578280d8
SHA512

a97471380cf41c9307fd08f1dcfea8cecd8ddba8c398fc3e652b167f9b0e7da8d8158fbcc7b21f2a2b2111d6bf7059045ca1f2a64fb4a7d8433495d1a829cd70
SSDEEP

6144:vbp8wi9FdBuudjoooooooNEmbdGu1Y2DwdnXj4A3iW4+m:vbp8wu1joooooooNE04ffb4+m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
steal (4).dll

Files

steal (4).dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\kmant\Documents\steal better\steal2\Steal\obj\x64\Release\netstandard2.1\Steal.pdb

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ