statusrecorder | SecuriteInfo[.]com[.]Trojan[.]PWS[.]Steam[.]34994[.]18917[.]22410[.]exe | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.PWS.Steam.34994.18917.22410.exe
Size

34KB
MD5

39e7dc7f0cfa0ef6b646e794161d91a7
SHA1

d2459e4a0b2559937e4d3cc1627efc12a870fe66
SHA256

acf88f80055908ced219ba8c7ada933fda1b6861800e156e64491ab9077842eb
SHA512

3de454b3be90c8a91a08d8af929d35ca4994b9c3410134b77ad638204d9a7de384999be7a5d33e2b57910ff247da98a58094738f77be9743ff0e0e07e46a1a27
SSDEEP

768:hbOs+EjBO4cl767rI2jUzxoHEQLfp+Zc+wRrl6eUzyjbFCHy5b7I2lSVRR9wggRX:1Os+EDVLf9VRo7gRemy8s

Score

10^/10

statusrecorder

Malware Config

Extracted

Family

statusrecorder

C2

78.153.130.24

Signatures

Statusrecorder family
statusrecorder

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.PWS.Steam.34994.18917.22410.exe

Files

SecuriteInfo.com.Trojan.PWS.Steam.34994.18917.22410.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ