svcstealer | Flasher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Flasher.exe
Size

573KB
MD5

eff931961e9134a9945fadd29df90ff7
SHA1

cc27b1d909b14a01a88d27545007703aa9c82d36
SHA256

f126cbaecfd33f8026cf15a223857503f147b947dccb7a5da727ea19a4a5963b
SHA512

5a5bdd3458b64ff434598dd09c98d2ef31945288560d2995ec6200ed0894a71e2522d5ffbdb23f9fcd59159bb811983b0c2862b688cff5fc7fbb50e9a113f290
SSDEEP

12288:ntuH9xWLgvHIh+bOH1JcyDXFJgazKHWs88/vNKI8e:nto9xWLgvHI+OHPcy7T7zBs88/vgZe

Score

10^/10

svcstealer

Malware Config

Signatures

Detects SvcStealer Payload 1 IoCs

SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.

resource	yara_rule
sample	family_svcstealer

Svcstealer family
svcstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Flasher.exe

Files

Flasher.exe
.exe windows:5 windows x64 arch:x64

d5550c38a1ba1bf89267abad76b56796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

strchr
_snprintf
strncmp
strncpy
RtlExitUserThread
ZwResumeThread
NtQueryInformationThread
NtQueueApcThread
strstr
tolower
isalpha
sscanf
_snwprintf
NtQueryInformationProcess
RtlRandom
__chkstk
memcpy
_stricmp
memset
__C_specific_handler

kernel32

UnlockFileEx
lstrlenA
GlobalLock
GlobalAlloc
Sleep
GlobalUnlock
GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
lstrcatA
SetFileAttributesA
ExitProcess
GetComputerNameA
VirtualQuery
lstrcpynA
OpenProcess
GetVersionExW
lstrcmpiA
GetModuleFileNameA
CloseHandle
GetCurrentProcessId
lstrcpyA
Process32First
VirtualFree
CreateRemoteThread
VirtualAllocEx
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
WriteProcessMemory
GetCurrentProcess
WaitForSingleObject
VirtualProtectEx
VirtualProtect
HeapReAlloc
HeapFree
VirtualAlloc
lstrcmpA
ExitThread
GetLastError
SetLastError
GetTempFileNameA
WinExec
GetTempPathA
CreateFileA
GetFileSize
SetFilePointer
MoveFileExA
SetEndOfFile
GetTickCount
WriteFile
ReadFile
FlushInstructionCache
LockFileEx
OpenMutexA
LocalAlloc
GetExitCodeThread
GetSystemInfo
CreateMutexA
GetVersionExA
LocalFree
DeleteFileA
CreateThread

user32

GetForegroundWindow
GetSystemMetrics

advapi32

RegSetValueExW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExA
RegOpenKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegQueryValueExA

shlwapi

PathCombineA
UrlGetPartA
PathFindFileNameA
StrToIntA
StrStrIA

shell32

ShellExecuteExA
SHGetFolderPathA

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

wininet

InternetCrackUrlA
InternetSetOptionA
HttpQueryInfoA
HttpSendRequestA
InternetConnectA
InternetOpenA
HttpOpenRequestA
InternetCloseHandle
InternetReadFile

urlmon

URLDownloadToFileA

Exports

Exports

DownloadRunExeId
DownloadRunExeUrl
DownloadRunModId
DownloadUpdateMain
InjectApcRoutine
InjectNormalRoutine
SendLogs
WriteConfigString

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5550c38a1ba1bf89267abad76b56796

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

psapi

wininet

urlmon

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 251KB - Virtual size: 258KB

.pdata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.idata Size: 287KB - Virtual size: 288KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 251KB - Virtual size: 258KB

.pdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 287KB - Virtual size: 288KB