rust_stealer_xss.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 8ec079a0bdded89e105bd8168620acb55eeed39d669164934dbe29d1172b29e2.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 8ec079a0bdded89e105bd8168620acb55eeed39d669164934dbe29d1172b29e2.exe
Resource: win10v2004-20240802-en
General
- Target: 8ec079a0bdded89e105bd8168620acb55eeed39d669164934dbe29d1172b29e2.zip
- Size: 2.5MB
- MD5: 6a7ec75b2bc37a732b57f533323632be
- SHA1: 80365d03a745c88fc9eb1940a170f8fb73b8b6f0
- SHA256: 729c4c32abce705758255ffa23612b4f0b9ff418adaf1c4dea384890ebe4f131
- SHA512: afa558b90b1ca09e47cea7980601c55c15ee564fb987d7c66a3085ecbf292cc56183ea7687e48a508ee918892db2cb7f485aa7cb1c8704e54adb5cd5a268277c
- SSDEEP: 49152:KDOTOItX+ZicNVmOqfSErZBJLxxTcSd2Ler7oCgSsOmQT44Jg4:kcoZDNVN+rZnzkLerwvXQ0q
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource unpack001/8ec079a0bdded89e105bd8168620acb55eeed39d669164934dbe29d1172b29e2
Files
- 8ec079a0bdded89e105bd8168620acb55eeed39d669164934dbe29d1172b29e2.zip.zip
  Password: infected
- 8ec079a0bdded89e105bd8168620acb55eeed39d669164934dbe29d1172b29e2.exe (windows:6 windows x64 arch:x64)
  Password: infected
811d7e88fbba7807d82f46c4842a9cd7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
api-ms-win-core-synch-l1-2-0
WakeByAddressAll
WakeByAddressSingle
WaitOnAddress
bcryptprimitives
ProcessPrng
kernel32
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
TerminateProcess
GetFileInformationByHandle
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
IsProcessorFeaturePresent
GetStdHandle
GetConsoleMode
InitializeSListHead
WriteConsoleW
GetModuleHandleA
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
lstrlenW
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
IsDebuggerPresent
GetFullPathNameW
FlushFileBuffers
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetCurrentProcess
CreateIoCompletionPort
GetProcAddress
LoadLibraryA
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SetFileCompletionNotificationModes
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
GlobalSize
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
RtlLookupFunctionEntry
WaitForSingleObjectEx
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
DeleteFileW
CopyFileExW
GlobalFree
GlobalUnlock
CreateFileW
PostQueuedCompletionStatus
RtlUnwindEx
QueryPerformanceCounter
LoadLibraryExA
FreeLibrary
GetExitCodeProcess
WaitForSingleObject
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GlobalLock
GetSystemTimePreciseAsFileTime
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetModuleFileNameW
Sleep
SetLastError
SetFileInformationByHandle
TlsAlloc
RtlCaptureContext
TlsGetValue
SwitchToThread
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
TlsSetValue
GetFinalPathNameByHandleW
TlsFree
LoadLibraryExW
CloseHandle
FindClose
HeapFree
GetSystemInfo
SleepEx
GetQueuedCompletionStatusEx
RtlPcToFileHeader
ws2_32
WSASend
shutdown
WSAIoctl
setsockopt
getsockname
getpeername
WSASocketW
getsockopt
select
connect
ioctlsocket
WSACleanup
recv
closesocket
send
WSAStartup
freeaddrinfo
socket
WSAGetLastError
accept
listen
bind
getaddrinfo
rstrtmgr
RmRegisterResources
RmGetList
RmStartSession
ole32
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
user32
EnumDisplayMonitors
EnumDisplaySettingsExW
OpenClipboard
GetClipboardData
GetMonitorInfoW
SetClipboardData
CloseClipboard
EmptyClipboard
gdi32
CreateDCW
GetDeviceCaps
DeleteDC
CreateCompatibleBitmap
DeleteObject
GetObjectW
GetDIBits
StretchBlt
SetStretchBltMode
SelectObject
CreateCompatibleDC
ntdll
NtDeviceIoControlFile
NtReadFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtCreateFile
NtWriteFile
bcrypt
BCryptGenRandom
advapi32
SystemFunction036
RegCloseKey
RegQueryValueExW
FreeSid
RegOpenKeyExW
AllocateAndInitializeSid
CheckTokenMembership
crypt32
CertDuplicateStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain
CryptUnprotectData
secur32
AcquireCredentialsHandleA
DeleteSecurityContext
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage
EncryptMessage
FreeCredentialsHandle
ApplyControlToken
oleaut32
SysAllocStringLen
SafeArrayUnaccessData
GetErrorInfo
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
SafeArrayDestroy
VariantClear
SysStringLen
SafeArrayGetLBound
api-ms-win-crt-math-l1-1-0
log
_dclass
__setusermatherr
truncf
exp2f
ceil
roundf
pow
api-ms-win-crt-string-l1-1-0
strlen
strcmp
wcsncmp
strcpy_s
strcspn
strncmp
api-ms-win-crt-heap-l1-1-0
_set_new_mode
realloc
calloc
_msize
free
malloc
api-ms-win-crt-utility-l1-1-0
qsort
_rotl64
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-runtime-l1-1-0
_cexit
__p___argv
_register_thread_local_exe_atexit_callback
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_onexit_table
_register_onexit_function
_initialize_narrow_environment
_crt_atexit
_configure_narrow_argv
_set_app_type
terminate
_seh_filter_exe
abort
_endthreadex
_beginthreadex
_c_exit
exit
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ