lucastealer | Nvidia Manager

Sharing

Copy URL

Twitter E-mail

General

Target

Nvidia Manager
Size

17.1MB
MD5

505c82de0d88ad7024d2982e44d1d118
SHA1

798cec05d8875d7afec0e78a1f2eefc30ea961de
SHA256

de6ad3a7e011954f1a31e68d083aa35cfe0229ca980724334d3cd1cac2e804e1
SHA512

536245a22ade94ed378b99ff5ea9fca234c1848f583b1c6db4b6916666d9b59ae538d2c3797b9f1972ff3e6fa4e15f4c3dc16e6934bebc984d89197331f7811e
SSDEEP

98304:/VAj4+4BjIW9rqZdAgNnrYtt+TIGAAU+XeXM+J+JBiGSEX9cUh9iOiTUVtZBgx:/VAjxS6YtuIGlZOcprk

Score

10^/10

lucastealer

Malware Config

Signatures

Luca Stealer payload 1 IoCs

Processes:

resource	yara_rule
sample	family_lucastealer

Lucastealer family
lucastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
Nvidia Manager

Files

Nvidia Manager
.exe windows:6 windows x64 arch:x64

e952b96ec664d5d45072dc88c1d0f60d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\EliteZ\Desktop\Projects\Rust\cargo-stealer\target\debug\deps\cargo_stealer.pdb

Imports

kernel32

QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceFrequency
WriteFile
GetOverlappedResult
ReadFile
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetFileInformationByHandle
SetFileCompletionNotificationModes
RtlVirtualUnwind
LocalFree
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
TryAcquireSRWLockExclusive
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
FileTimeToSystemTime
GetSystemInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleFileNameW
CloseHandle
CreateFileW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
ReleaseSRWLockExclusive
GetLastError
DuplicateHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
GetCurrentProcessId
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
AcquireSRWLockExclusive
GetModuleHandleW
ExitProcess
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
GlobalSize
InitializeSListHead
IsDebuggerPresent
GetFileAttributesW
GlobalFree
RaiseException
GlobalUnlock
SetHandleInformation
GlobalLock
FormatMessageW
GlobalAlloc
VirtualQuery

user32

EnumDisplayMonitors
EnumDisplaySettingsExW
GetClipboardData
CloseClipboard
SetClipboardData
GetMonitorInfoW
OpenClipboard

advapi32

RegCreateKeyExA
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegCloseKey

crypt32

CryptUnprotectData
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateStore
CertCloseStore

secur32

ApplyControlToken
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
DecryptMessage
AcquireCredentialsHandleA
QueryContextAttributesW
AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW

ws2_32

recv
shutdown
getpeername
getsockname
connect
bind
WSASocketW
closesocket
send
WSASend
WSAIoctl
setsockopt
ioctlsocket
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
getsockopt

ntdll

NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx

gdi32

DeleteDC
CreateDCW
SetStretchBltMode
GetDeviceCaps
GetDIBits
CreateCompatibleBitmap
GetObjectW
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SafeArrayDestroy
SysFreeString
SysAllocStringLen

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity

bcrypt

BCryptGenRandom

vcruntime140

memcpy
__CxxFrameHandler3
memset
memmove
memcmp
strrchr
__vcrt_LoadLibraryExW
_CxxThrowException
__C_specific_handler
__vcrt_GetModuleFileNameW
__C_specific_handler_noexcept
__current_exception
__current_exception_context

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass
log

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
realloc
_msize

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcspn
strcmp
strcat_s
strlen
strncmp
strcpy_s

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_register_thread_local_exe_atexit_callback
_register_onexit_function
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initialize_onexit_table
terminate
_initterm_e
exit
_c_exit
_cexit
__p___argv
_crt_atexit
_endthreadex
_exit
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 623KB - Virtual size: 622KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e952b96ec664d5d45072dc88c1d0f60d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

crypt32

secur32

ws2_32

ntdll

gdi32

oleaut32

ole32

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 13.6MB - Virtual size: 13.6MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 83KB - Virtual size: 87KB

.pdata Size: 623KB - Virtual size: 622KB

.reloc Size: 55KB - Virtual size: 54KB

.text
Size: 13.6MB - Virtual size: 13.6MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 83KB - Virtual size: 87KB

.pdata
Size: 623KB - Virtual size: 622KB

.reloc
Size: 55KB - Virtual size: 54KB