stealerium | 528-44-0x000000001D8E0000-0x000000001DA68000-memory[.]dmp | Triage

Sharing

General

Target

528-44-0x000000001D8E0000-0x000000001DA68000-memory.dmp
Size

1.5MB
MD5

36ff6c76c99b7440a43a9fdae1d9c98c
SHA1

9731afa432d25fc000be8dc97492194bb5c011b7
SHA256

0d6c74282fe0476ef60be4e95aac5f7c4d135c3c82bb18c17b66b62ab10bd751
SHA512

d0ffa378d4051390222b14a588ad2c27d30c0d1d80a6109d6996fa9117b54be2f3b499218486d948a22a6ed673ba3f26695c7ab43955d0fbba2757019bf22e90
SSDEEP

24576:Ji2Q9NXw2/wPOjdGxYEfw+Jwz/S/6RZs8nVW6k5JHkARt7DBAqnq:YTq24GjdGSCw+W7SCRnVQTEQ/BA8

Score

10^/10

stealerium

Malware Config

Signatures

Stealerium family
stealerium

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
528-44-0x000000001D8E0000-0x000000001DA68000-memory.dmp

Files

528-44-0x000000001D8E0000-0x000000001DA68000-memory.dmp
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ