stealerium | zezzy_builder[.]exe | Triage

Sharing

General

Target

zezzy_builder.exe
Size

12.9MB
MD5

0bb25992f6b4eca888722b981f4ebb87
SHA1

784b241012c76f3fcbacd150ce511ff34e6cd927
SHA256

fbb40094f45878374ef62cee6e3e66f3e36922a59ab088a6b3a0b0b50974cd1f
SHA512

1082e2c88e48a8cbe222eac9f921601e978a3d2972d7e3b0cfe60ad33b822e805792b07bf30fb296782635dbc48b500e35ea5647a0eb0cce325be1a3fb8a5c08
SSDEEP

393216:vqkSmY83yEkfj4q1+TtIiFUY9Z8D8CcldlV1SNbyKhV:v3yz4q1QtIna8DZcLlfxKhV

Score

10^/10

pyinstaller stealerium

Malware Config

Signatures

Stealerium family
stealerium
Detects Pyinstaller 1 IoCs
pyinstaller

Processes:

resource yara_rule

sample pyinstaller
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

zezzy_builder.exe

Files

zezzy_builder.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ahmad\Downloads\BitJoiner by @Drcrypt0r\payload\obj\Debug\payload.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cstealer.pyc