MKStealer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MKStealer.exe
Size

8KB
MD5

65ed2d0431a792f449d5ef1ca8b627bf
SHA1

cfb14377ac8b8751968949dafe51842f43a2a06e
SHA256

715778821d098950f40d036984cad3c414cd65ce62f7be2ddcc103afb099eada
SHA512

2ac71216bc0aea613324d6c30e19cf1b053379800a5c70d93d95c26014c3dfb134deb25fb4db1b2ccd72176b0e8dc7be00705dc647548bea3a06af4688a138a2
SSDEEP

96:DoLHMPys2VE4BjTj0kc7IUbtND9S89z3+3hRPIbh85V17grpEfQDXHQhqpzNt:6HwOjT6IsU853shR+IVNg+f8aqL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MKStealer.exe

Files

MKStealer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ACER\source\repos\MKStealer\MKStealer\obj\Debug\MKStealer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ