C:\Users\attat\source\repos\DotStealer-Builder (1.7) - NOT READY\DotStealer\DotStealer\obj\Release\net462\svchost.pdb
Static task
static1
Behavioral task
behavioral1
Sample
36badaade40faa02d430c40eafd4a6bad3d0c3289c9435ddcf4930301f029755.exe
Resource
win7-20240903-en
General
Target: 260373b0281173d7a116e4a54e361425.bin
Size: 4.1MB
MD5: 528c3e4064b0fe6682b91473cde2ba55
SHA1: 48d88fcdeac2f1cb0196f77e0fc6e36d85a4e702
SHA256: a17d0759547b0ea0584e773e1acddbb39a7b093702e10c83dd8bd7a52b0f2a50
SHA512: e98a07d09adcc46c128e57f4a1558df04ca3b4a9f9d457b316404ded8e11dbfc77b07ed097c335d0b6eeb8f08fef04ff339751dace859d18ee440796ab75bb2f
SSDEEP: 98304:pRArF0+pxlYnRx+4E3rTfCh6BH7AlYXffm2minuP/CUqm82xAIj7wD:pRue2xlYnD+4m9ZMqXfLmis/C3F2xAOI
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/36badaade40faa02d430c40eafd4a6bad3d0c3289c9435ddcf4930301f029755.exe
Files
-
260373b0281173d7a116e4a54e361425.bin.zip
Password: infected
-
36badaade40faa02d430c40eafd4a6bad3d0c3289c9435ddcf4930301f029755.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ