pandastealer | Cheat (infected)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Cheat (infected).zip
Size

273KB
MD5

3ec17e38bc4fac5cedb87468bfa81603
SHA1

73f475638eb756594a2054aa278748d8c5f6be50
SHA256

4546559b8ecb8e84601de391cfc256438e81827c2266d0468693e976c78be559
SHA512

99438ea65f33b7c5082b3463e2d64248b164a18f6df1b56775431c7b55d2edbea37eb3601ff9364f8d41c305089f2e58e25161a45bee1812b916e2e091ebeda2
SSDEEP

6144:u/9o6NdL5H8PYniBccW73c6BnVS3iBezETdclKeZmqPhCrvyty8q7:u66mPYnie73coVS3+ezEhmKeZjPhTy5

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
static1/unpack001/Cheat.exe	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cheat.exe

Files

Cheat (infected).zip
.zip

Password: infected
Cheat.exe
.exe windows:6 windows x86 arch:x86

Password: infected

da355f68b57e26770bbe652cacd27705

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
Sleep
GetTempPathA
GetLastError
GetFileAttributesA
CreateFileA
LoadLibraryA
GetVersionExA
DeleteFileA
DeleteFileW
CloseHandle
LoadLibraryW
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleFileNameA
FindFirstFileA
GetCurrentProcess
VirtualAlloc
FindNextFileA
CreateMutexA
WaitForSingleObject
LocalAlloc
ReleaseMutex
GetCurrentThreadId
DuplicateHandle
GetModuleHandleA
OpenProcess
SetCurrentDirectoryA
CreateToolhelp32Snapshot
GetFileInformationByHandle
CopyFileA
QueryFullProcessImageNameA
FileTimeToSystemTime
TlsAlloc
GlobalAlloc
Process32Next
GlobalFree
GetLocalTime
GlobalLock
CreateFileMappingA
LocalFree
SystemTimeToFileTime
GlobalMemoryStatusEx
TlsFree
MapViewOfFile
GlobalUnlock
lstrcmpW
WriteConsoleW
HeapSize
ReadConsoleW
GetStringTypeW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetFileAttributesW
CreateFileW
GetTempPathW
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
LeaveCriticalSection
WriteFile
GetFullPathNameW
AreFileApisANSI
EnterCriticalSection
ReadFile
UnmapViewOfFile
GetACP
IsValidCodePage
LCMapStringW
CompareStringW
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
SetFilePointerEx
GetFileInformationByHandleEx
GetLocaleInfoEx
RtlUnwind
RaiseException
SetLastError
EncodePointer
TlsGetValue
TlsSetValue
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetCPInfo
HeapReAlloc
HeapFree
HeapAlloc
GetFileType
GetConsoleOutputCP
GetConsoleMode
DecodePointer

user32

ReleaseDC
CloseClipboard
OpenClipboard
wsprintfA
IsClipboardFormatAvailable
GetClipboardData
GetDesktopWindow
GetKeyState
EnumDisplayDevicesA

gdi32

SelectObject
CreateCompatibleDC
StretchBlt
GetDIBits
GetDeviceCaps
GetObjectW
CreateDCA
CreateCompatibleBitmap

advapi32

RegGetValueA
GetCurrentHwProfileA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA

shell32

SHGetFolderPathA

ws2_32

htons
connect
socket
send
WSAStartup
inet_pton
closesocket
WSACleanup

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

da355f68b57e26770bbe652cacd27705

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

Sections

.text Size: 398KB - Virtual size: 397KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 398KB - Virtual size: 397KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB