D:\a\SourcePauseTool\SourcePauseTool\Release\spt.pdb
General
Target: spt.dll
Size: 1.9MB
MD5: 58dbb50db69f4c6589123ee61b544953
SHA1: 216d07831f36b172d0a8ac1d6ecf2922fd8e96f0
SHA256: ab55f95977f6e8b78a6d76b64a6fcaa3a1a592178183f90527f5572ac1c03d51
SHA512: 6fa10becb53c0ae93a6d2afecd519483d65cfa6cacb619db05fcaa22604374d213d165cdfe80c8af3ebf3e85702d464f9de2fc2c9e2bb82d68a8dee583b83ce1
SSDEEP: 24576:8JeZf9FaUwwxkFOlDN8zHJGP9z91r1Y0AVkDy1GWwOGZzGKBBh0lhSMXl0BxbK/g:8JerFaxwEOtN8DJGrYtSzGKBIzng
Malware Config
Signatures
- Detect Lumma Stealer payload V4 (1 IoCs)
  Resource: sample; YARA rule: family_lumma_v4
- Lumma family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  Resource: spt.dll
Files
- spt.dll.dll (windows:6 windows x86 arch:x86)
  6ba1d7fbbc28d5289bcdd33111454773
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
Library: ws2_32
gethostname
sendto
select
WSAStartup
getaddrinfo
socket
WSAGetLastError
freeaddrinfo
bind
ioctlsocket
send
recv
listen
accept
WSACleanup
ntohl
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
__WSAFDIsSet
htonl
WSAIoctl
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
Library: dbghelp
SymInitialize
SymGetModuleBase
SymCleanup
Library: tier0
Error
Msg
?DevMsg@@YAXPBDZZ
?DevWarning@@YAXPBDZZ
Warning
g_VProfCurrentProfile
?ExitScope@CVProfile@@QAEXXZ
?EnterScope@CVProfile@@QAEXPBDH0_NH@Z
g_pMemAlloc
_AssertValidWritePtr
AssertValidStringPtr
Library: kernel32
ReadConsoleW
GetConsoleMode
LoadLibraryExA
LoadLibraryA
LoadLibraryW
FreeLibrary
LoadLibraryExW
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
K32GetModuleInformation
GetProcAddress
GetModuleHandleW
VirtualQuery
OpenMutexA
ReleaseMutex
CloseHandle
GetModuleHandleExA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageW
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
HeapCreate
HeapFree
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
FormatMessageA
WakeAllConditionVariable
SleepConditionVariableSRW
RaiseException
IsProcessorFeaturePresent
InitOnceBeginInitialize
InitOnceComplete
GetConsoleOutputCP
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
DeviceIoControl
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
CreateSymbolicLinkW
LocalFree
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
ExitProcess
SetEnvironmentVariableW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteFile
FlushFileBuffers
SetStdHandle
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
FreeLibraryWhenCallbackReturns
Library: normaliz
IdnToAscii
Library: wldap32
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord30
ord200
ord301
Library: crypt32
CertCreateCertificateChainEngine
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertCloseStore
Library: advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
Library: vstdlib
KeyValuesSystem
Exports
CreateInterface
cvar
g_pCVar
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 437KB - Virtual size: 437KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 62KB - Virtual size: 428KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ