7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.zip
Size

7.7MB
MD5

b964d70aacbe4ef7e426bc581c22b242
SHA1

6dee76d5c342cc5bf8da2a737568d877f27945a1
SHA256

77737acf7b607545af8db683f21880bdd1a79c5c17e25a8669a51987586ba7ee
SHA512

231f0a00909eaeef110956c84600f4f543b88d3777177247e1516e86cee2d4272e6c7dc51385bffc8b27039454aa7f69f8c81864abe91b6029cadb8c59c041fb
SSDEEP

196608:EZCwAxQZ021sTzgaJlDy5uRR35/4sdnj4a+iwZveOdX:ebZ0I4zByIR34sdZ+iueOdX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd

Files

7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd.zip
.zip

Password: infected
7dbdb73c15410a9d439f49aa0cca0a65c9b5ff8660774892099effa546e943bd
.exe windows:6 windows x64 arch:x64

Password: infected

393f0b2512e1afc513eb81e624156f96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rust_stealer_xss.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

ws2_32

WSACleanup
WSAStartup
WSAIoctl
WSAGetLastError
select
socket
setsockopt
recv
ntohs
htons
getsockname
getpeername
connect
closesocket
bind
accept
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
ioctlsocket
getaddrinfo
freeaddrinfo
htonl
listen
WSASocketW
WSADuplicateSocketW
shutdown
WSARecv
getsockopt
send
__WSAFDIsSet
WSASend
WSASetLastError

crypt32

CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectData

secur32

QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
LsaGetLogonSessionData
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

kernel32

ReleaseMutex
lstrlenW
GetSystemTimePreciseAsFileTime
TerminateProcess
FindNextFileW
GetStdHandle
SetFilePointerEx
DuplicateHandle
GetCurrentProcess
SetFileInformationByHandle
FindClose
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
ExitProcess
WriteConsoleW
CreateThread
CreateMutexA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
CopyFileExW
GetEnvironmentVariableW
GetCurrentDirectoryW
RtlLookupFunctionEntry
RtlCaptureContext
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetUserPreferredUILanguages
GetLastError
GetModuleHandleW
GetProcAddress
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableA
CloseHandle
WaitForSingleObjectEx
CreateFileA
GetFileSizeEx
ReadFile
GetComputerNameExW
LoadLibraryExW
RtlVirtualUnwind
GetDiskFreeSpaceExW
CreateFileW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
OpenProcess
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
GetProcessTimes
VirtualQueryEx
ReadProcessMemory
GetSystemTimes
GetProcessIoCounters
GetTickCount64
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcessId
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
WriteFile
WaitForSingleObject
GetFileInformationByHandle
GetConsoleMode
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId

bcrypt

BCryptGenRandom

advapi32

SystemFunction036
GetUserNameW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
IsValidSid
OpenProcessToken
CopySid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetLengthSid
GetTokenInformation
LookupAccountSidW

oleaut32

SafeArrayGetLBound
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound

ole32

CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize

pdh

PdhCloseQuery
PdhOpenQueryA
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue

powrprof

CallNtPowerInformation

ntdll

NtQueryInformationProcess
NtQuerySystemInformation
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtReadFile
RtlGetVersion
NtOpenFile
NtWriteFile

psapi

GetModuleFileNameExW
GetPerformanceInfo

shell32

CommandLineToArgvW
SHGetKnownFolderPath

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups

iphlpapi

GetAdaptersAddresses
GetIfTable2
GetIfEntry2
FreeMibTable

gdi32

GetDIBits
SetStretchBltMode
GetDeviceCaps
CreateDCW
DeleteDC
CreateCompatibleBitmap
GetObjectW
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC

user32

GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors

vcruntime140

memcpy
__current_exception_context
__C_specific_handler
_CxxThrowException
strstr
memchr
memcmp
strrchr
strchr
memmove
memset
__CxxFrameHandler3
__current_exception

api-ms-win-crt-string-l1-1-0

strncpy
strspn
strcpy
wcslen
_strdup
strlen
strcmp
strpbrk
strcspn
strncmp

api-ms-win-crt-math-l1-1-0

_fdopen
__setusermatherr
pow
_dclass
log

api-ms-win-crt-stdio-l1-1-0

_lseeki64
__stdio_common_vfprintf
__p__commode
fgets
_set_fmode
_open
fopen
fflush
_read
_write
_fileno
__stdio_common_vsprintf
fputc
_close
__stdio_common_vsscanf
ftell
fseek
feof
fputs
_fseeki64
__acrt_iob_func
fread
fwrite
fclose

api-ms-win-crt-heap-l1-1-0

_msize
free
calloc
realloc
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_endthreadex
_seh_filter_exe
_set_app_type
_beginthreadex
_configure_narrow_argv
_errno
__sys_errlist
_get_initial_narrow_environment
__sys_nerr
_initterm
_initterm_e
exit
_exit
terminate
__p___argc
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p___argv
_wassert
_initialize_narrow_environment
_cexit
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
atoi
strtoll
wcstombs

api-ms-win-crt-utility-l1-1-0

qsort
_byteswap_ulong
_byteswap_uint64
_rotl64

api-ms-win-crt-time-l1-1-0

clock
_time64
_localtime64_s
strftime
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_unlink

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 16.6MB - Virtual size: 16.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 975KB - Virtual size: 974KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

393f0b2512e1afc513eb81e624156f96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

ws2_32

crypt32

secur32

kernel32

bcrypt

advapi32

oleaut32

ole32

pdh

powrprof

ntdll

psapi

shell32

netapi32

iphlpapi

gdi32

user32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 16.6MB - Virtual size: 16.6MB

.rdata Size: 4.4MB - Virtual size: 4.4MB

.data Size: 165KB - Virtual size: 169KB

.pdata Size: 975KB - Virtual size: 974KB

.reloc Size: 83KB - Virtual size: 82KB

.text
Size: 16.6MB - Virtual size: 16.6MB

.rdata
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 165KB - Virtual size: 169KB

.pdata
Size: 975KB - Virtual size: 974KB

.reloc
Size: 83KB - Virtual size: 82KB