vermilion-stealer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vermilion-stealer.exe
Size

4.0MB
MD5

d2c9ab90ff1c0efce8618049e6a48545
SHA1

eb67850af6811a7adb0c01a12882f5a108cd912e
SHA256

22eff231162291b452e162fe3704243f2b5660ec58650dfa76a2aa71776d96b7
SHA512

dd68ebab8f613a413b6f9101ad28f70a40d1a85ccd7f1e27284b34d59752b1fc3a54987640342b9ec4dd9f497ec3851f5c462d496a49e02063bbf523ac70b281
SSDEEP

98304:QY+Max4j/7r3nFQgc3jvu2KTlLN1yLSw6:lB/7DnFQgc3LElhP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vermilion-stealer.exe

Files

vermilion-stealer.exe
.exe windows:6 windows x64 arch:x64

7620caae233f8ec3b6903ef3339a22e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MapVirtualKeyW
GetSystemMetrics
GetMessageA
DispatchMessageA
TranslateMessage
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclA
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
StartServiceA
OpenProcessToken
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
SystemFunction036
AllocateAndInitializeSid
FreeSid

iphlpapi

ConvertInterfaceLuidToNameW
ConvertInterfaceIndexToLuid
GetAdaptersAddresses

userenv

GetUserProfileDirectoryW

ws2_32

sendto
getaddrinfo
accept
WSACleanup
WSASetLastError
WSAStartup
GetNameInfoW
FreeAddrInfoW
GetAddrInfoW
select
WSASendTo
WSARecvFrom
WSASend
getnameinfo
WSAIoctl
WSAGetOverlappedResult
send
socket
shutdown
listen
getsockname
getpeername
ioctlsocket
connect
bind
WSASocketW
setsockopt
getsockopt
closesocket
WSAGetLastError
htonl
htons
getprotobyname
getprotobynumber
ntohs
recvfrom
WSADuplicateSocketW
recv
WSARecv
freeaddrinfo

kernel32

GetProcessHeap
SetEnvironmentVariableA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
DeleteFileW
CreatePipe
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetConsoleCP
SetFileAttributesW
GetFileAttributesExW
SetStdHandle
CreateProcessA
CloseHandle
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateThread
LocalAlloc
LocalFree
GetModuleFileNameA
FormatMessageA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlRestoreContext
RtlUnwindEx
RtlVirtualUnwind
RaiseException
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
FreeLibrary
GetModuleHandleA
GetModuleHandleExA
GetProcAddress
LoadLibraryExA
GetFileType
GetConsoleMode
PostQueuedCompletionStatus
VerSetConditionMask
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
SetPriorityClass
GetPriorityClass
OpenProcess
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetVersionExW
GetModuleFileNameW
GetProcessIoCounters
HeapSize
FileTimeToSystemTime
GetConsoleTitleW
SetConsoleTitleW
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFinalPathNameByHandleW
GetFullPathNameW
ReadFile
RemoveDirectoryW
SetFilePointerEx
SetFileTime
WriteFile
DeviceIoControl
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
RtlUnwind
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
SetErrorMode
CreateIoCompletionPort
GetQueuedCompletionStatus
DebugBreak
CreateFileA
DuplicateHandle
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
WaitNamedPipeW
CancelIoEx
CancelSynchronousIo
SwitchToThread
GetCurrentThread
QueueUserWorkItem
CreateNamedPipeA
GetNamedPipeHandleStateA
RegisterWaitForSingleObject
UnregisterWait
SetHandleInformation
CancelIo
SetFileCompletionNotificationModes
WriteConsoleInputW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
GetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleCursorInfo
SetConsoleTextAttribute
GetNumberOfConsoleInputEvents
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
WriteConsoleW
TerminateProcess
GetExitCodeProcess
CreateProcessW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LCMapStringW
SetConsoleCtrlHandler
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
GetStdHandle
GetStartupInfoW
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
ReleaseSemaphore
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetNativeSystemInfo
CreateSemaphoreA
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SwitchToFiber
DeleteFiber
CreateFiber
FormatMessageW
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
ReadConsoleA
LoadLibraryA
LoadLibraryW
ExitProcess
LoadLibraryExW
SetEndOfFile
VerifyVersionInfoA
CopyFileW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

bcrypt

BCryptGenRandom

Exports

Exports

luaJIT_BC_init
luaJIT_BC_luvibundle
luaJIT_BC_luvipath
luaJIT_BC_re
luaJIT_profile_dumpstack
luaJIT_profile_start
luaJIT_profile_stop
luaJIT_setmode
luaJIT_version_2_1_0_beta3
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_execresult
luaL_fileresult
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadbufferx
luaL_loadfile
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushmodule
luaL_pushresult
luaL_ref
luaL_register
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_traceback
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_copy
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_lessthan
lua_load
lua_loadx
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tointegerx
lua_tolstring
lua_tonumber
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yield
luaopen_base
luaopen_bit
luaopen_debug
luaopen_ffi
luaopen_io
luaopen_jit
luaopen_luv
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_string_buffer
luaopen_table
luv_cfcpcall
luv_cfpcall
luv_context
luv_loop
luv_set_callback
luv_set_cthread
luv_set_loop
luv_set_thread
luv_set_thread_cb
luv_state

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7620caae233f8ec3b6903ef3339a22e2

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

iphlpapi

userenv

ws2_32

kernel32

bcrypt

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 806KB - Virtual size: 805KB

.data Size: 41KB - Virtual size: 2.6MB

.pdata Size: 136KB - Virtual size: 135KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 806KB - Virtual size: 805KB

.data
Size: 41KB - Virtual size: 2.6MB

.pdata
Size: 136KB - Virtual size: 135KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 32KB - Virtual size: 32KB