svcstealer | 4db6590cb50ec1a718a17d5fea9dfeba7c8451f4558b893c518cf6672aedc45a

Sharing

Copy URL

Twitter E-mail

General

Target

4db6590cb50ec1a718a17d5fea9dfeba7c8451f4558b893c518cf6672aedc45a
Size

615KB
MD5

445b3781dc7d6ac6a52bec31d74bcd32
SHA1

d8574d03d025d4e888037a4d4a46547c6ba13141
SHA256

4db6590cb50ec1a718a17d5fea9dfeba7c8451f4558b893c518cf6672aedc45a
SHA512

fec72af5a3afb6784e7571e16e01ad91573a78a449d0c0faa8ffd4481174369bb0ab672bf90e2d63b37f2093cc60c909a84e700fa331479fdc075f369ba0ce9f
SSDEEP

12288:Tl+79fergMgm+w7dioulRCh3NncLkIug31fCYonRT/AO:Tlc9fergMgm+sdhuls0kIdFKlBo

Score

10^/10

svcstealer

Malware Config

Signatures

Detects SvcStealer Payload 1 IoCs

SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

resource	yara_rule
sample	family_svcstealer

Svcstealer family
svcstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4db6590cb50ec1a718a17d5fea9dfeba7c8451f4558b893c518cf6672aedc45a

Files

4db6590cb50ec1a718a17d5fea9dfeba7c8451f4558b893c518cf6672aedc45a
.exe windows:5 windows x64 arch:x64

d5550c38a1ba1bf89267abad76b56796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

strchr
_snprintf
strncmp
strncpy
RtlExitUserThread
ZwResumeThread
NtQueryInformationThread
NtQueueApcThread
strstr
tolower
isalpha
sscanf
_snwprintf
NtQueryInformationProcess
RtlRandom
__chkstk
memcpy
_stricmp
memset
__C_specific_handler

kernel32

UnlockFileEx
lstrlenA
GlobalLock
GlobalAlloc
Sleep
GlobalUnlock
GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
lstrcatA
SetFileAttributesA
ExitProcess
GetComputerNameA
VirtualQuery
lstrcpynA
OpenProcess
GetVersionExW
lstrcmpiA
GetModuleFileNameA
CloseHandle
GetCurrentProcessId
lstrcpyA
Process32First
VirtualFree
CreateRemoteThread
VirtualAllocEx
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
WriteProcessMemory
GetCurrentProcess
WaitForSingleObject
VirtualProtectEx
VirtualProtect
HeapReAlloc
HeapFree
VirtualAlloc
lstrcmpA
ExitThread
GetLastError
SetLastError
GetTempFileNameA
WinExec
GetTempPathA
CreateFileA
GetFileSize
SetFilePointer
MoveFileExA
SetEndOfFile
GetTickCount
WriteFile
ReadFile
FlushInstructionCache
LockFileEx
OpenMutexA
LocalAlloc
GetExitCodeThread
GetSystemInfo
CreateMutexA
GetVersionExA
LocalFree
DeleteFileA
CreateThread

user32

GetForegroundWindow
GetSystemMetrics

advapi32

RegSetValueExW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExA
RegOpenKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegQueryValueExA

shlwapi

PathCombineA
UrlGetPartA
PathFindFileNameA
StrToIntA
StrStrIA

shell32

ShellExecuteExA
SHGetFolderPathA

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

wininet

InternetCrackUrlA
InternetSetOptionA
HttpQueryInfoA
HttpSendRequestA
InternetConnectA
InternetOpenA
HttpOpenRequestA
InternetCloseHandle
InternetReadFile

urlmon

URLDownloadToFileA

Exports

Exports

DownloadRunExeId
DownloadRunExeUrl
DownloadRunModId
DownloadUpdateMain
InjectApcRoutine
InjectNormalRoutine
SendLogs
WriteConfigString

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5550c38a1ba1bf89267abad76b56796

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

psapi

wininet

urlmon

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 272KB - Virtual size: 279KB

.pdata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.idata Size: 308KB - Virtual size: 308KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 272KB - Virtual size: 279KB

.pdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 308KB - Virtual size: 308KB