stealc | 1044-0-0x00000000007A0000-0x0000000000E40000-memory[.]dmp | Triage

Sharing

General

Target

1044-0-0x00000000007A0000-0x0000000000E40000-memory.dmp
Size

6.6MB
MD5

b6183954e52bc0af0d69e5e4b7a6e5d7
SHA1

089b4918e4352322d0770a3a42d165195269a0c6
SHA256

9bc7ba1a4efba5df922b5d3b92597ddc8416830ccbfe4ed0e631a7a6b35aa872
SHA512

db879688026a64390a3cef4c14bd36b005d4ce5cead3153c28410852375fe72bdb56e428971d528398dc7187fc9812c9a11a753d8f6c0559bfbfeee38d7926e5
SSDEEP

3072:plZkST3370krdYShTjZIMxP0k+wZrwNjMl2imNQHU3bMKkubv+Q98XpDI8:XDj3xdJERw9wNj6rUoUrhvzqpI8

Score

10^/10

stealc

Malware Config

Signatures

Stealc family
stealc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1044-0-0x00000000007A0000-0x0000000000E40000-memory.dmp

Files

1044-0-0x00000000007A0000-0x0000000000E40000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

adligwjc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fnzkdoce
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE