strela | Ontrack Easy Recovery pro 15[.]2[.]0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Ontrack Easy Recovery pro 15.2.0.exe
Size

312.9MB
MD5

b4f3e7f77034e822af48c525fad641d8
SHA1

2a9d0541ec63db944b06f2a71415e986fc5d4bcb
SHA256

f137766576b1539b73f9c132f07db4ea08b87108535037cf1794fbe37fa3d14c
SHA512

3e7cd905d2b2731dce45b18cc4dc569cec9975de0617d725abb3917ae9ee294f45b9683a25a2e37db4e71a0bf83dda7ebbf2321d878903c8e8d4fad430de14aa
SSDEEP

3145728:yTK7ryGFKYGpJrrO9S1Qor9VNxdA9nZjtqkYj2giXCXRIqa/jt9iqfMgpAhYh2g5:mK7OGFKvHrrqS1Qor9V9A9NfzaPlaEO

Score

10^/10

pdf link strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
sample	pdf_with_link_action

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Ontrack Easy Recovery pro 15.2.0.exe

Files

Ontrack Easy Recovery pro 15.2.0.exe
.exe windows:4 windows x86 arch:x86

ad9d11227a86b863e31ddf6019cc7ab5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
system
memcpy
_wfopen
fseek
fclose
wcsncpy
wcslen
wcscpy
wcscat
wcscmp
memmove
memcmp
_stricmp
sscanf
atoi
strlen
strcpy
strcat
sprintf
malloc
free
_wstat
_wcsdup
strcmp
floor
ceil
_CIpow
_isnan
_finite
fread
longjmp
_setjmp3
ftell
wcsncmp
_snwprintf
_wcsicmp
tolower
localtime
mktime
_wcsnicmp
_itow
gmtime
fabs
pow
??3@YAXPAX@Z
wcsstr
calloc
_errno
strrchr
strchr
strncpy
memchr
_lseeki64
realloc
abort
_close
_wopen
_setmode
exit
_open_osfhandle
_strdup
_snprintf
setlocale
strncmp
wctomb
_get_osfhandle
_open
toupper
wcschr
mbstowcs
frexp
modf
fopen
strerror
atof
abs
fflush
fwrite
__p__iob
fprintf
getenv
_stati64
time
_ftime
_vsnwprintf
cos
fmod
sin

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GetDiskFreeSpaceExW
GetCurrentProcess
GetLastError
GetUserDefaultLangID
GetSystemInfo
ExpandEnvironmentStringsW
FormatMessageW
LocalFree
OutputDebugStringW
LoadLibraryW
FindResourceW
FreeLibrary
LoadResource
SizeofResource
LockResource
CreateMutexW
CloseHandle
BeginUpdateResourceW
EndUpdateResourceW
GetBinaryTypeW
UpdateResourceW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
HeapAlloc
HeapFree
Sleep
CreateFileW
GetFileSize
ReadFile
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
SetEnvironmentVariableW
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
GetModuleFileNameW
GetProfileStringW
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
SetEndOfFile
WriteFile
DeleteFileW
HeapReAlloc
GetVersionExW
SetLastError
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
GetDriveTypeW
GetFileAttributesW
GetTempPathW
MulDiv
GetLocalTime
TlsAlloc
TlsSetValue
TlsGetValue
GlobalFree
GlobalAlloc
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsValidCodePage
GetACP
GetOEMCP
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

IsWindowEnabled
IsWindowVisible
ExitWindowsEx
GetActiveWindow
SendMessageW
GetWindowTextLengthW
GetSysColor
SetRect
GetWindowLongW
RedrawWindow
GetDlgCtrlID
GetWindowTextW
ShowWindow
SetForegroundWindow
SetWindowLongW
UpdateLayeredWindow
DestroyIcon
EnumWindows
MessageBoxW
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
EnableWindow
SetWindowPos
DestroyWindow
SystemParametersInfoW
SetFocus
GetFocus
GetParent
GetClassNameW
SetWindowTextW
CallWindowProcW
RemovePropW
GetWindowRect
GetPropW
CreateWindowExW
SetPropW
SetScrollPos
GetDC
InflateRect
ReleaseDC
GetWindowDC
MapWindowPoints
MoveWindow
InvalidateRect
GetIconInfo
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
ScreenToClient
GetSystemMetrics
GetSysColorBrush
DrawTextW
GetWindow
ValidateRect
ClientToScreen
GetClientRect
FillRect
DefWindowProcW
LoadCursorW
RegisterClassExW
SetClassLongW
EnumPropsExW
SetActiveWindow
LoadIconW
IsZoomed
IsIconic
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
DestroyAcceleratorTable
GetMenu
SetTimer
KillTimer
DefFrameProcW
EnumChildWindows
GetKeyState
IsChild
RegisterWindowMessageW
CreateIconFromResourceEx
CreateIconFromResource
CharLowerW
DrawIconEx

gdi32

StartDocW
GetMapMode
SetMapMode
GetDeviceCaps
DPtoLP
StartPage
EndPage
EndDoc
SetBkColor
CreateDCW
DeleteObject
GetStockObject
CreateFontIndirectW
ExcludeClipRect
GetObjectType
GetObjectW
SetTextColor
SelectObject
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SetStretchBltMode
StretchBlt
CreateSolidBrush
GdiGetBatchLimit
GdiSetBatchLimit
BitBlt
CreateDIBSection
SetBrushOrgEx
CreateBitmap
SetPixel
GetDIBits
CreateFontW
SetBkMode
SetTextAlign
TextOutW
GetTextMetricsW
GetPixel

comdlg32

PrintDlgW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
GetUserNameW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
RevokeDragDrop

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectory
SHBrowseForFolderW
ExtractIconW
SHGetFileInfoW
ShellExecuteExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.code
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad9d11227a86b863e31ddf6019cc7ab5

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

comdlg32

advapi32

comctl32

ole32

shell32

version

Sections

.code Size: 66KB - Virtual size: 66KB

.text Size: 576KB - Virtual size: 576KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 56KB - Virtual size: 63KB

.rsrc Size: 11KB - Virtual size: 11KB

.code
Size: 66KB - Virtual size: 66KB

.text
Size: 576KB - Virtual size: 576KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 56KB - Virtual size: 63KB

.rsrc
Size: 11KB - Virtual size: 11KB