7d224e040b9aaf934505f2615b7971bff1d5563252bddeaefb174d0c8fa034de[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7d224e040b9aaf934505f2615b7971bff1d5563252bddeaefb174d0c8fa034de.exe
Size

5.1MB
MD5

6a287af9bdcc6fb212d75238f3725011
SHA1

7f1b99becc6ced4f34c3f6e4561dec4400beffca
SHA256

7d224e040b9aaf934505f2615b7971bff1d5563252bddeaefb174d0c8fa034de
SHA512

06d0684dc6edb84d49406b97d522ab4ecff8bdfbf2a4c16349a0f6941d3b0d612e497559a0f00a1b48e5c7d55851f2e0a099d0b6c55940fbff470bd2a00030be
SSDEEP

98304:eIQ6dE+q0HkAu9nulEGCeJsvP623uL+I390OH0N:eTwbHq9ulEGCZvtyqOHS

Score

10^/10

Malware Config

Signatures

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Detects executables containing common artifacts observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_GENInfoStealer

Detects executables referencing many email and collaboration clients. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

Detects executables referencing many file transfer clients. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d224e040b9aaf934505f2615b7971bff1d5563252bddeaefb174d0c8fa034de.exe

Files

7d224e040b9aaf934505f2615b7971bff1d5563252bddeaefb174d0c8fa034de.exe
.exe windows:5 windows x86 arch:x86

e79accd3fe3dda16be77102fe4532def

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetThreadToken
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
IsValidSid
IsTextUnicode
InitializeSecurityDescriptor
InitializeAcl
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorSacl
GetCurrentHwProfileA
GetCurrentHwProfileW
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
CreateProcessAsUserW
AllocateAndInitializeSid
AdjustTokenPrivileges
AddAccessAllowedAce
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
CryptGetUserKey
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
LsaFreeMemory
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
ConvertSidToStringSidA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
CryptSignHashA
CryptVerifySignatureW
CryptDecrypt
CryptImportKey
CryptEncrypt
CryptDeriveKey
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CreateWellKnownSid

user32

CharNextW
LoadStringW
SetWindowLongA
GetWindowLongA
SetWindowLongW
GetWindowLongW
CreateWindowExW
wvsprintfW
mouse_event
keybd_event
WindowFromPoint
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
ToUnicodeEx
SystemParametersInfoW
ShowWindow
SetWindowsHookExW
SetTimer
SetThreadDesktop
SetClipboardData
SendMessageA
SendMessageW
ScreenToClient
ReleaseDC
RegisterWindowMessageW
RegisterClassW
RealGetWindowClassW
PostThreadMessageW
PostMessageA
PostMessageW
PeekMessageW
OpenDesktopW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MenuItemFromPoint
MapVirtualKeyW
LoadStringW
LoadIconW
LoadCursorW
KillTimer
IsWindowVisible
IsWindow
InvalidateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowInfo
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetWindow
GetMessageW
GetMenuItemID
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDC
GetCursorInfo
GetClipboardData
GetClassInfoW
FindWindowExW
FindWindowA
FindWindowW
EnumWindows
EndDeferWindowPos
EmptyClipboard
DrawIcon
DispatchMessageW
DestroyWindow
DeferWindowPos
DefWindowProcW
CreateDesktopW
CloseWindow
CloseClipboard
CharUpperBuffW
CharUpperW
CharLowerBuffW
CallNextHookEx
BeginDeferWindowPos
AttachThreadInput
PrintWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrcpyA
lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
UnlockFileEx
UnlockFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SetThreadPriority
SetPriorityClass
SetLastError
SetFileTime
SetFilePointerEx
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseSemaphore
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
OpenProcess
OpenEventW
MultiByteToWideChar
MoveFileW
MapViewOfFile
LockFileEx
LockFile
LocalFree
LocalAlloc
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapCompact
HeapAlloc
GlobalUnlock
GlobalSize
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExA
GetVersionExW
GetUserDefaultLangID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemPowerStatus
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetShortPathNameW
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameA
GetFullPathNameW
GetFileSizeEx
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetBinaryTypeW
GetACP
FreeLibrary
FormatMessageA
FormatMessageW
FlushViewOfFile
FlushInstructionCache
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DisconnectNamedPipe
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreA
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryW
CopyFileW
ConnectNamedPipe
CompareStringW
CloseHandle
AreFileApisANSI
Sleep

gdi32

StretchBlt
SetStretchBltMode
SelectObject
Rectangle
GetStockObject
GetPixel
GetObjectW
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreatePen
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetApiBufferFree
NetUserEnum

ole32

OleInitialize
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize

ws2_32

WSAIoctl
WSAEventSelect
WSAGetLastError
WSASetLastError
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
inet_addr
htons
getsockname
ioctlsocket
connect
closesocket
__WSAFDIsSet

msvcrt

memset
memmove
memcpy
_beginthreadex
realloc
_ftol
memmove
memcmp
free
malloc
strncmp
memset
strlen
memcpy
localtime

shell32

ShellExecuteExW
SHAppBarMessage
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

wininet

InternetSetOptionW
InternetCrackUrlW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertCreateSelfSignCertificate
CertOpenSystemStoreW
CertGetNameStringW
CertStrToNameW
CertNameToStrW
CryptExportPKCS8
CryptAcquireCertificatePrivateKey
CryptExportPublicKeyInfoEx
CryptSignAndEncodeCertificate
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCreateCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptEncodeObject
PFXExportCertStoreEx

wsock32

__WSAFDIsSet
send
recv

iphlpapi

GetAdaptersInfo

winmm

mmioStringToFOURCCW

winspool.drv

GetDefaultPrinterW

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA

cryptui

CryptUIDlgViewCertificateW

avifil32

AVIFileRelease
AVIStreamRelease
AVIStreamWrite
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileCreateStreamW
AVIFileOpenW
AVIFileExit
AVIFileInit

shlwapi

StrStrW

ntdll

RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlAllocateHeap

wtsapi32

WTSQueryUserToken

Exports

Exports

ServiceMain
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 34KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 40B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e79accd3fe3dda16be77102fe4532def

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

netapi32

ole32

ws2_32

msvcrt

shell32

wininet

crypt32

wsock32

iphlpapi

winmm

winspool.drv

rasapi32

cryptui

avifil32

shlwapi

ntdll

wtsapi32

Exports

Exports

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.itext Size: 5KB - Virtual size: 5KB

.data Size: 252KB - Virtual size: 252KB

.bss Size: - Virtual size: 34KB

.idata Size: 16KB - Virtual size: 15KB

.didata Size: 1024B - Virtual size: 796B

.edata Size: 512B - Virtual size: 179B

.tls Size: - Virtual size: 40B

.rdata Size: 512B - Virtual size: 92B

.reloc Size: 242KB - Virtual size: 242KB

.rsrc Size: 21KB - Virtual size: 21KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.itext
Size: 5KB - Virtual size: 5KB

.data
Size: 252KB - Virtual size: 252KB

.bss
Size: - Virtual size: 34KB

.idata
Size: 16KB - Virtual size: 15KB

.didata
Size: 1024B - Virtual size: 796B

.edata
Size: 512B - Virtual size: 179B

.tls
Size: - Virtual size: 40B

.rdata
Size: 512B - Virtual size: 92B

.reloc
Size: 242KB - Virtual size: 242KB

.rsrc
Size: 21KB - Virtual size: 21KB