pandastealer | 04a0df555be3775c491c33e43ee89fb4b1bc5adcdde04c0f1611e2211461347d

Sharing

Copy URL

Twitter E-mail

General

Target

04a0df555be3775c491c33e43ee89fb4b1bc5adcdde04c0f1611e2211461347d
Size

544KB
MD5

8f729b92f2b6acbf805e4589f925cf54
SHA1

df468bcf286b586718c6a33dc530674f233802fe
SHA256

04a0df555be3775c491c33e43ee89fb4b1bc5adcdde04c0f1611e2211461347d
SHA512

f49498dffe15c809865ee1c0a4e5c2078637192e1339edda74527332d806401b3bc42e243e906130496d510c7f523f5fa9fc208465439cfc699132ff22babe19
SSDEEP

12288:vtQxbHmk1wlpz8jX3rCXCXkiXcl6XHrJUZFA0NY3iCteyUvenM:vCpxwlpz8jX7CXCXkSVXliAmfEM

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04a0df555be3775c491c33e43ee89fb4b1bc5adcdde04c0f1611e2211461347d

Files

04a0df555be3775c491c33e43ee89fb4b1bc5adcdde04c0f1611e2211461347d
.exe windows:6 windows x86 arch:x86

e3428061508bbf85fee5e4fb801dc91b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetVersionExA
DeleteFileA
DeleteFileW
CloseHandle
LoadLibraryW
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleFileNameA
Process32First
FindFirstFileA
GetCurrentProcess
VirtualAlloc
FindNextFileA
CreateMutexA
WaitForSingleObject
LocalAlloc
ReleaseMutex
UnmapViewOfFile
CreateFileA
OpenProcess
GetTempPathW
CreateToolhelp32Snapshot
GetFileInformationByHandle
CopyFileA
QueryFullProcessImageNameA
FileTimeToSystemTime
TlsAlloc
GlobalAlloc
Process32Next
GlobalFree
GetLocalTime
GlobalLock
CreateFileMappingA
LocalFree
SystemTimeToFileTime
GlobalMemoryStatusEx
TlsFree
MapViewOfFile
GlobalUnlock
HeapSize
ReadConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetFileAttributesA
GetLastError
GetTempPathA
Sleep
MultiByteToWideChar
GetCurrentThreadId
GetFileAttributesW
GetModuleHandleA
CreateFileW
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
AreFileApisANSI
WriteFile
GetFullPathNameW
EnterCriticalSection
GetOEMCP
GetACP
ReadFile
SetCurrentDirectoryA
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
SetFilePointerEx
GetFileInformationByHandleEx
EncodePointer
DecodePointer
InitializeCriticalSectionEx
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
RaiseException
SetLastError
TlsGetValue
TlsSetValue
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
HeapReAlloc
HeapFree
HeapAlloc
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
WriteConsoleW

user32

ReleaseDC
CloseClipboard
OpenClipboard
wsprintfA
IsClipboardFormatAvailable
GetClipboardData
GetDesktopWindow
GetKeyState
EnumDisplayDevicesA

gdi32

SelectObject
CreateCompatibleDC
StretchBlt
GetDIBits
GetDeviceCaps
GetObjectW
CreateDCA
CreateCompatibleBitmap

advapi32

GetCurrentHwProfileA
DuplicateTokenEx
RegOpenKeyExA
RevertToSelf
RegGetValueA
ImpersonateLoggedOnUser
OpenProcessToken
RegQueryInfoKeyA
RegEnumKeyExA

shell32

SHGetFolderPathA

crypt32

CryptUnprotectData

ws2_32

htons
connect
socket
send
WSAStartup
inet_pton
closesocket
WSACleanup

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3428061508bbf85fee5e4fb801dc91b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

crypt32

ws2_32

Sections

.text Size: 439KB - Virtual size: 438KB

.rdata Size: 85KB - Virtual size: 84KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 439KB - Virtual size: 438KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 14KB - Virtual size: 13KB