dealer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dealer.exe
Size

870KB
MD5

c297231ab927e6c0d790d6f9544064ec
SHA1

69a367e56e51d963e039c944af95eb60fadce04c
SHA256

e85243ef1d7e82345d00f9cf25f4289ac6c723013fcfd8f16c7622fa2c316a93
SHA512

a15f8470ad949ddf90a3cac63158f23ab48789ea731bd97fe990913138033ae7522ee09d09229cd4db02f745e4fdaafd194b2c48f2a8baf1a2adf7f212bcfe9b
SSDEEP

12288:i0k97WzJJlv5hH7TGboPjOgzr1PSuLRxVM2Tn6brxTQDgTWKF7CQTd7SZ:HJJJlv5tTGbo6gzr1Kqn6blTwepB7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dealer.exe

Files

dealer.exe
.exe windows:6 windows x64 arch:x64

4b9899014dcf63c35f754a3157e3c07b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Gang\source\repos\stealer\x64\Release\stealer.pdb

Imports

advapi32

SystemFunction036

crypt32

CryptUnprotectData
CryptStringToBinaryA

winhttp

WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpOpen
WinHttpConnect
WinHttpReceiveResponse

user32

GetKeyState
GetMessageA
DispatchMessageA
CallNextHookEx
GetAsyncKeyState
SetWindowsHookExA
UnhookWindowsHookEx
TranslateMessage

kernel32

GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateThread
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
Process32First
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
memset
memcpy
memcmp
memmove
strstr
strchr

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_initialize_onexit_table
_beginthreadex
terminate
_errno
abort
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_endthreadex
_initterm_e
exit
_exit
_initterm
_cexit
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_set_new_mode
_msize

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
_stricmp
strcmp
strncat_s

api-ms-win-crt-stdio-l1-1-0

fopen
__p__commode
__stdio_common_vsprintf
__stdio_common_vswprintf
fwrite
fgets
__stdio_common_vfprintf
fseek
__acrt_iob_func
_set_fmode
fclose
__stdio_common_vfwprintf

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 709KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b9899014dcf63c35f754a3157e3c07b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

crypt32

winhttp

user32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 709KB - Virtual size: 709KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 8KB - Virtual size: 12KB

.pdata Size: 28KB - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 709KB - Virtual size: 709KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 8KB - Virtual size: 12KB

.pdata
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB