CafeStella[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

CafeStella.exe
Size

4.5MB
MD5

2271f753137e5ac709d6d005ebd99756
SHA1

c25865be1d27877968f15871de38a57d9a49f306
SHA256

77a68670825c8e42c84d7cbbbde64c566b260ef9574ee3ab25ba64f99b80da60
SHA512

2170eeb77078bce9239995faf2eb8a893c17112b3f3599dd4fe6b1fdd632095104ffaa8aac492b05cf6dcecc77d0b98924e43c73eac920e7652ddde80e53fd25
SSDEEP

98304:H8ckMkFAB5V9r8kckghmq5qW6K27339Ynv52KU:H8cZd8kcgqC39SU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CafeStella.exe

Files

CafeStella.exe
.exe windows:5 windows x86 arch:x86

277b6e27b5785f425f2394d28495d60e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tvpwin32.pdb

Imports

kernel32

VirtualQuery
FindResourceW
LoadResource
IsBadReadPtr
OpenProcess
GlobalAlloc
Sleep
SizeofResource
GetVersionExW
GlobalFree
LockResource
GlobalMemoryStatusEx
SetCurrentDirectoryW
HeapSetInformation
GetCurrentThreadId
GetSystemTime
CreateMutexW
HeapQueryInformation
GetProcessHeaps
HeapWalk
LoadLibraryExW
GetNativeSystemInfo
HeapAlloc
HeapFree
VirtualFree
SetLastError
VirtualAlloc
LoadLibraryA
VirtualProtect
GetConsoleMode
FreeConsole
WriteConsoleW
GetLocalTime
SetConsoleTitleW
GetProcessAffinityMask
SetThreadAffinityMask
GlobalMemoryStatus
TerminateProcess
GetCurrentThread
SetThreadPriority
GlobalDeleteAtom
GlobalAddAtomW
MulDiv
OutputDebugStringW
FormatMessageW
SearchPathW
GetSystemDirectoryW
GetWindowsDirectoryW
WideCharToMultiByte
IsDBCSLeadByte
MultiByteToWideChar
GlobalLock
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
InterlockedCompareExchange
SetEvent
ExitThread
CreateEventW
SetThreadIdealProcessor
GetSystemInfo
GetThreadPriority
SuspendThread
ResumeThread
CreateThread
HeapDestroy
HeapCreate
LocalSize
GetTempFileNameW
SetProcessAffinityMask
SetEnvironmentVariableA
GetExitCodeProcess
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
GetFileType
GetFileAttributesExW
InitializeSListHead
GetOEMCP
GetACP
IsValidCodePage
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
RaiseException
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
GetThreadTimes
DeleteFileA
AreFileApisANSI
GetModuleHandleExW
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetStringTypeW
ExitProcess
GetFullPathNameW
LocalFree
LocalLock
LocalUnlock
GetVolumeInformationW
GetCurrentProcessId
DeleteFileW
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
CreateFileW
GetTickCount
CreateDirectoryW
SetEndOfFile
GetDriveTypeW
SetFilePointer
GetFileSize
CloseHandle
DuplicateHandle
CreatePipe
SetStdHandle
GetStdHandle
FlushFileBuffers
GetModuleFileNameW
ReadFile
WriteFile
GetCurrentProcess
CreateProcessW
FindNextFileW
FindClose
GetProcAddress
LoadLibraryW
FreeLibrary
FindFirstFileW
GetLastError
GetModuleHandleW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetProcessHeap
SetEnvironmentVariableW
HeapCompact

user32

SetTimer
ReleaseDC
GetDC
ChangeDisplaySettingsW
MessageBoxW
GetSysColor
SetWindowPos
GetParent
GetWindowRect
DefWindowProcW
CreateWindowExW
SetWindowLongW
GetWindowLongW
RegisterClassExW
GetClassInfoExW
PostMessageW
DestroyWindow
GetWindowThreadProcessId
SendMessageW
SystemParametersInfoW
EnumDisplaySettingsW
LoadCursorFromFileW
PostQuitMessage
KillTimer
CloseClipboard
GetPriorityClipboardFormat
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
SetClipboardData
LoadStringW
ClientToScreen
SetWindowRgn
SetCapture
GetCursorPos
EnumWindows
GetFocus
EnumDisplaySettingsExW
SetFocus
GetForegroundWindow
GetKeyboardLayout
SetCursorPos
MonitorFromWindow
DestroyCaret
CreateCaret
SetCaretPos
EndPaint
GetWindowTextLengthW
GetSystemMenu
ScreenToClient
SetActiveWindow
GetMessageExtraInfo
GetKeyState
TrackMouseEvent
IsWindowEnabled
GetClientRect
BeginPaint
SetPropW
GetCapture
GetMenu
LoadIconW
SetRect
InvalidateRect
GetWindowTextW
GetMenuItemCount
AdjustWindowRectEx
ReleaseCapture
IsWindowVisible
UpdateWindow
SetWindowTextW
SetCursor
LoadCursorW
WindowFromPoint
GetCursor
DialogBoxParamW
GetDlgItem
EndDialog
SetDlgItemTextW
EnableWindow
TranslateAcceleratorW
DestroyAcceleratorTable
IsIconic
CreateAcceleratorTableW
WaitMessage
TranslateMessage
LoadAcceleratorsW
PeekMessageW
ShowWindow
DispatchMessageW
GetAsyncKeyState
GetSystemMetrics
GetMonitorInfoW

gdi32

EnumFontFamiliesExW
GetStockObject
GetTextMetricsW
CreateFontIndirectW
SelectObject
GetFontData
DeleteObject
GetObjectW
ExtCreateRegion
CreateRectRgn
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
EnumFontsW
DeleteDC
CreateDIBitmap
GetPixel
CombineRgn
SetPixel
CreateCompatibleBitmap

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
DragFinish
SHGetPathFromIDListW
ShellExecuteW
DragQueryFileW
DragAcceptFiles
SHBrowseForFolderW

ole32

CLSIDFromString
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2

winmm

timeEndPeriod
timeGetTime
timeGetDevCaps
timeBeginPeriod

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

mpr

WNetGetUniversalNameW

shlwapi

PathIsDirectoryW
PathFileExistsW

imm32

ImmGetContext
ImmGetOpenStatus
ImmIsIME
ImmSetCompositionFontW
ImmSetConversionStatus
ImmSetOpenStatus
ImmAssociateContext
ImmGetConversionStatus
ImmSetCompositionWindow
ImmReleaseContext

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 699KB - Virtual size: 698KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

277b6e27b5785f425f2394d28495d60e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

winmm

version

mpr

shlwapi

imm32

dbghelp

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.adata Size: 1KB - Virtual size: 1KB

.rdata Size: 699KB - Virtual size: 698KB

.data Size: 41KB - Virtual size: 681KB

.rsrc Size: 603KB - Virtual size: 602KB

.reloc Size: 210KB - Virtual size: 209KB

.bind Size: 194KB - Virtual size: 194KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.adata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 699KB - Virtual size: 698KB

.data
Size: 41KB - Virtual size: 681KB

.rsrc
Size: 603KB - Virtual size: 602KB

.reloc
Size: 210KB - Virtual size: 209KB

.bind
Size: 194KB - Virtual size: 194KB