1337 SteamACC Stealer Private[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

1337 SteamACC Stealer Private.rar
Size

3.9MB
MD5

97f0f25c9cd1414f86f9d607a988cc0c
SHA1

cdcf02793f50c1a2e5d3e19445338944d249a613
SHA256

b986a3fdb6f50f277c2a75a39f63cb48cd2ebcc68b21c9e84f91d32327073f3d
SHA512

72d6b145e0ea7d15a33f1ac578d5a81bded1fd445d9dee5b12f33d7211df9b544cac98b02da745dda3a65ba29576302e0c4c3fb954fd97af3300d063828a484e
SSDEEP

98304:QS2KNq4q2iLrgyD1f64kYN2AU7DdjcEDgYO9DN:QHXksl2hJckO9DN

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1337 SteamACC Stealer Private/1337 SteamACC Stealer Private.exe
unpack001/1337 SteamACC Stealer Private/Xceed.Wpf.Toolkit.dll
unpack001/1337 SteamACC Stealer Private/data/Ionic.Zip.dll
unpack001/1337 SteamACC Stealer Private/data/Launcher.exe
unpack001/1337 SteamACC Stealer Private/data/Xceed.Wpf.Toolkit.dll
unpack001/1337 SteamACC Stealer Private/data/bin.exe
unpack001/1337 SteamACC Stealer Private/data/secproc.dll
unpack001/1337 SteamACC Stealer Private/secproc.dll

Files

1337 SteamACC Stealer Private.rar
.rar
1337 SteamACC Stealer Private/1337 SteamACC Stealer Private.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1337 SteamACC Stealer Private/LICENSE
1337 SteamACC Stealer Private/Screenshot.jpg
1337 SteamACC Stealer Private/Virus Total/desktop.ini
1337 SteamACC Stealer Private/Virus Total/scan.txt
1337 SteamACC Stealer Private/Xceed.Wpf.Toolkit.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\ExtendedWPFToolkit\Release\3.5.0\OpenSource\Generated\Src\Xceed.Wpf.Toolkit\obj\Release\Xceed.Wpf.Toolkit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1337 SteamACC Stealer Private/data/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1337 SteamACC Stealer Private/data/LICENCE.dat
.zip
1337 SteamACC Stealer Private/data/LICENSE
1337 SteamACC Stealer Private/data/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1337 SteamACC Stealer Private/data/Xceed.Wpf.Toolkit.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\ExtendedWPFToolkit\Release\3.5.0\OpenSource\Generated\Src\Xceed.Wpf.Toolkit\obj\Release\Xceed.Wpf.Toolkit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1337 SteamACC Stealer Private/data/bin.exe
.exe windows:4 windows x86 arch:x86

5e97c4d9c3e4c518588892854d3d8fa9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaVarTstLt
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaPutOwner3
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaPutFxStr4
_allmul
_CItan
__vbaUI1Var
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1337 SteamACC Stealer Private/data/secproc.dll
.dll windows:10 windows x86 arch:x86

1b3ad66a3bd78a19068f0e837f379b1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

secproc.pdb

Imports

msvcrt

??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
_XcptFilter
_amsg_exit
wcsncmp
_wcstoi64
??0exception@@QAE@ABQBD@Z
memcpy
wcsrchr
_wcsnicmp
wcsstr
wcstol
wcscpy_s
_wcsicmp
??0exception@@QAE@ABV0@@Z
_initterm
_lock
_unlock
__dllonexit
wcstombs
_onexit
??1type_info@@UAE@XZ
_callnewh
malloc
free
memmove
__CxxFrameHandler3
_purecall
_except_handler4_common
memcmp
memset

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetVersionExA

api-ms-win-core-file-l1-1-0

GetLogicalDriveStringsW
GetFileAttributesExW
GetDriveTypeW
GetVolumeInformationW
CreateFileA
CreateFileW
SetFilePointer
SetFileTime
GetFileTime
CompareFileTime
ReadFile
WriteFile

api-ms-win-core-com-l1-1-0

CoTaskMemFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-heap-l2-1-0

LocalFree

crypt32

CertVerifyCertificateChainPolicy
CryptUnprotectData

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

cryptsp

CryptDestroyHash
CryptSetKeyParam
CryptSetHashParam
CryptExportKey
CryptHashData
CryptAcquireContextW
CryptGenKey
CryptDeriveKey
CryptCreateHash
CryptDecrypt
CryptGenRandom
CryptEncrypt
CryptContextAddRef
CryptReleaseContext
CryptSignHashA
CryptDestroyKey
CryptImportKey
CryptDuplicateKey
CryptGetKeyParam
CryptGetHashParam
CryptVerifySignatureA
CryptGetDefaultProviderW

api-ms-win-eventing-obsolete-l1-1-0

RegisterTraceGuidsA

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Module32FirstW
Module32NextW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

msdrm

DRMGetUnboundLicenseAttributeCount
DRMGetUnboundLicenseObject
DRMGetUnboundLicenseAttribute
DRMGetUnboundLicenseObjectCount
DRMCloseQueryHandle
DRMParseUnboundLicense

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SPAttest
SPBindLicense
SPCheckEnvironmentSecurity
SPCloseHandle
SPCommit
SPCreateDecryptor
SPCreateEnablingPrincipal
SPCreateEncryptor
SPCreatePCE
SPCreateSecurityProcessor
SPDecrypt
SPDecryptFinal
SPDecryptUpdate
SPEnableAndEncrypt
SPEnablePublishingLicense
SPEncrypt
SPEncryptFinal
SPEncryptUpdate
SPGetBoundRightKey
SPGetCurrentTime
SPGetInfo
SPGetLicenseAttribute
SPGetLicenseAttributeCount
SPGetLicenseObject
SPGetLicenseObjectCount
SPGetProcAddress
SPIsActivated
SPLoadLibrary
SPRegisterRevocationList
SPSign

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1337 SteamACC Stealer Private/secproc.dll
.dll windows:10 windows x86 arch:x86

1b3ad66a3bd78a19068f0e837f379b1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

secproc.pdb

Imports

msvcrt

??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
_XcptFilter
_amsg_exit
wcsncmp
_wcstoi64
??0exception@@QAE@ABQBD@Z
memcpy
wcsrchr
_wcsnicmp
wcsstr
wcstol
wcscpy_s
_wcsicmp
??0exception@@QAE@ABV0@@Z
_initterm
_lock
_unlock
__dllonexit
wcstombs
_onexit
??1type_info@@UAE@XZ
_callnewh
malloc
free
memmove
__CxxFrameHandler3
_purecall
_except_handler4_common
memcmp
memset

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetVersionExA

api-ms-win-core-file-l1-1-0

GetLogicalDriveStringsW
GetFileAttributesExW
GetDriveTypeW
GetVolumeInformationW
CreateFileA
CreateFileW
SetFilePointer
SetFileTime
GetFileTime
CompareFileTime
ReadFile
WriteFile

api-ms-win-core-com-l1-1-0

CoTaskMemFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-heap-l2-1-0

LocalFree

crypt32

CertVerifyCertificateChainPolicy
CryptUnprotectData

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

cryptsp

CryptDestroyHash
CryptSetKeyParam
CryptSetHashParam
CryptExportKey
CryptHashData
CryptAcquireContextW
CryptGenKey
CryptDeriveKey
CryptCreateHash
CryptDecrypt
CryptGenRandom
CryptEncrypt
CryptContextAddRef
CryptReleaseContext
CryptSignHashA
CryptDestroyKey
CryptImportKey
CryptDuplicateKey
CryptGetKeyParam
CryptGetHashParam
CryptVerifySignatureA
CryptGetDefaultProviderW

api-ms-win-eventing-obsolete-l1-1-0

RegisterTraceGuidsA

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Module32FirstW
Module32NextW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

msdrm

DRMGetUnboundLicenseAttributeCount
DRMGetUnboundLicenseObject
DRMGetUnboundLicenseAttribute
DRMGetUnboundLicenseObjectCount
DRMCloseQueryHandle
DRMParseUnboundLicense

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SPAttest
SPBindLicense
SPCheckEnvironmentSecurity
SPCloseHandle
SPCommit
SPCreateDecryptor
SPCreateEnablingPrincipal
SPCreateEncryptor
SPCreatePCE
SPCreateSecurityProcessor
SPDecrypt
SPDecryptFinal
SPDecryptUpdate
SPEnableAndEncrypt
SPEnablePublishingLicense
SPEncrypt
SPEncryptFinal
SPEncryptUpdate
SPGetBoundRightKey
SPGetCurrentTime
SPGetInfo
SPGetLicenseAttribute
SPGetLicenseAttributeCount
SPGetLicenseObject
SPGetLicenseObjectCount
SPGetProcAddress
SPIsActivated
SPLoadLibrary
SPRegisterRevocationList
SPSign

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 181KB - Virtual size: 180KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 478KB - Virtual size: 477KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 50KB - Virtual size: 50KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

5e97c4d9c3e4c518588892854d3d8fa9

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

1b3ad66a3bd78a19068f0e837f379b1e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-memory-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 181KB - Virtual size: 180KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 478KB - Virtual size: 477KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.text
Size: 321KB - Virtual size: 321KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 321KB - Virtual size: 321KB

.data
Size: 1024B - Virtual size: 2KB