stellar (press 2)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

stellar (press 2).exe
Size

1.0MB
MD5

2729ca96b92aa511339049a7bd541875
SHA1

85eeb56b0594fbef9174c4733ed7c3d242853d8d
SHA256

02ea9214694ecb7856c52b201e558368704454bee74beee86e857f0350b9d6fe
SHA512

a1ce74cb2a85ac29a851e91b59c3b5e76366e6c40d24babd8e07c82f15a32def5cfe3517f6cee3b78cdfa44d450f78f69cee0e3716968af1b5113029c9814092
SSDEEP

24576:WHxEhE/kM6OIoGl/wxAyEYnGEVHA+sGwMHmL17RA8Zonh5QcmY3Tpb:LE/Tq/YnGEVmL1dCh5QcmYD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
stellar (press 2).exe

Files

stellar (press 2).exe
.exe windows:6 windows x64 arch:x64

ec9b63590fbf836cc8b437319bead526

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\koda\Downloads\stellar main\stellar main\output\build\stellar.pdb

Imports

winmm

PlaySoundA

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
DeviceIoControl
AcquireSRWLockExclusive
SleepConditionVariableSRW
Sleep
GetCurrentThreadId
LocalFree
FormatMessageA
Process32Next
CreateDirectoryW
FindClose
VirtualFree
GetCurrentProcess
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetModuleHandleW
Process32First
GetCurrentProcessId
lstrcmpiA
CreateFileA
CreateToolhelp32Snapshot
GetLocaleInfoEx
CreateFileW
GetFileInformationByHandleEx
WakeAllConditionVariable
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
CreateProcessA
GetProcAddress
GetModuleHandleA
LoadLibraryExA
FindFirstFileExW
VirtualAlloc
GetConsoleWindow
ExitProcess
CloseHandle
GetLastError
GetStdHandle
SetConsoleTitleA
SetConsoleTextAttribute
FindFirstFileW
ReleaseSRWLockExclusive

user32

SetLayeredWindowAttributes
GetWindowLongA
DispatchMessageA
GetWindowRect
DestroyWindow
GetSystemMetrics
ShowWindow
SetWindowDisplayAffinity
GetMonitorInfoA
MoveWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
RegisterClassExA
UpdateWindow
GetKeyState
GetMessageExtraInfo
LoadCursorA
MonitorFromWindow
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
SetWindowLongA
SendInput
GetAsyncKeyState
ScreenToClient
FindWindowA
GetForegroundWindow
MessageBoxA
MessageBoxW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetCursorPos
GetCursorPos
mouse_event
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
IsWindowUnicode
ReleaseCapture

gdi32

CreateSolidBrush

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA

shell32

SHGetFolderPathW

msvcp140

_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
_Query_perf_counter
_Mtx_unlock
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Thrd_id
_Thrd_join
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z

ntdll

NtQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

dbghelp

ImageDirectoryEntryToData
ImageNtHeader
ImageRvaToVa

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
_CxxThrowException
__current_exception_context
__current_exception
memcpy
memchr
strstr
__C_specific_handler
__std_exception_copy
__std_exception_destroy
memmove
memcmp
__std_terminate

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_beginthreadex
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
perror
exit
_invalid_parameter_noinfo_noreturn
abort

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fsetpos
fgetc
ungetc
setvbuf
_fseeki64
__stdio_common_vsprintf
__p__commode
_set_fmode
_wfopen
__stdio_common_vsscanf
fgetpos
fputc
fread
feof
_lseek
fwrite
_fileno
_open
fgets
_write
_close
_setmode
__stdio_common_vfprintf
fseek
_read
clearerr
fclose
fflush
__acrt_iob_func
fopen
ferror
ftell

api-ms-win-crt-math-l1-1-0

__setusermatherr
powf
acosf
fmodf
sqrtf
cosf
ceilf
fminf
atan2f
sinf

api-ms-win-crt-convert-l1-1-0

atof
strtoull

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-string-l1-1-0

_stricmp
tolower
strcmp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort
rand

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 594KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec9b63590fbf836cc8b437319bead526

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

dbghelp

d3d11

imm32

d3dcompiler_43

dwmapi

d3dx11_43

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 594KB - Virtual size: 602KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 594KB - Virtual size: 602KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB