stealc | 4116-0-0x0000000000EA0000-0x0000000001539000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4116-0-0x0000000000EA0000-0x0000000001539000-memory.dmp
Size

6.6MB
MD5

fd4befbbadab1cdc7fd2c3b0956abd0a
SHA1

355731b3abe0d75c094b8378dfef4dce0f3b0dc1
SHA256

805d419fa67b07f08b243c37fe7f08c3e0bb272ada172c6ec5d070a380097cae
SHA512

018efc5759b5ddd8feb7123082c184d30f800b962e8d1229b75c19e3c06da3cd8c58fb683148c7e5a4319af6a171d42cd399ec2e19e9e5e0e5d68b65323b9405
SSDEEP

3072:tv03cBXMju72atB74/ARnGZWfEQ4KIGR7yin2IFy:tv03wXgQ2UBgAZGZq4KMgXFy

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4116-0-0x0000000000EA0000-0x0000000001539000-memory.dmp

Files

4116-0-0x0000000000EA0000-0x0000000001539000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 79KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yugtkczm
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vzlcerwb
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE