fickerstealer | 4ca44bdbb7bf314ea7b4635adf0c514f9640888fa36f88da480f8c849a603994[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

4ca44bdbb7bf314ea7b4635adf0c514f9640888fa36f88da480f8c849a603994.zip
Size

174KB
MD5

3e9dad4b06f44ab9d290abb4973fc1c3
SHA1

c1fa1eedf512eeac864edb28dfd44a552f2195c5
SHA256

4ca44bdbb7bf314ea7b4635adf0c514f9640888fa36f88da480f8c849a603994
SHA512

24b3b74ccf8804cd443b0525b3cc90f43b98aa5ceb8be603d54d6fc05c1ba2c22f832660ba15c592bfe274a3d460a495e5361db229f3d3e02c2a4660e2ed9834
SSDEEP

3072:HdbB+i54wXhpHUkb2mynoYwaRNzY1Gyck7YeduWJU8SB57X2P:9SwXvKbwaRNzhHZmP

Score

10^/10

fickerstealer

Malware Config

Extracted

Family

fickerstealer

otsoebabe.com:80

Signatures

Fickerstealer family
fickerstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hajdfjadf.bin

Files

4ca44bdbb7bf314ea7b4635adf0c514f9640888fa36f88da480f8c849a603994.zip
.zip

Password: infected
hajdfjadf.bin
.exe windows:4 windows x86 arch:x86

cb664df5fa904736e15ac44ff006d780

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
CloseHandle
CreateDirectoryW
CreateFileW
CreateProcessA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetComputerNameW
GetConsoleMode
GetEnvironmentVariableW
GetFileInformationByHandle
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTimeZoneInformation
GetUserDefaultLocaleName
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
Process32First
Process32Next
ReadFile
SetFilePointerEx
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
WriteConsoleW
WriteFile

msvcrt

__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_fmode
_fpreset
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

ws2_32

WSACleanup
WSAGetLastError
WSASocketW
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
ioctlsocket
recv
send
setsockopt
shutdown

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW

crypt32

CryptUnprotectData

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteObject
GetCurrentObject
GetObjectW
SelectObject

user32

EnumDisplayDevicesW
GetDC
GetDesktopWindow
GetKeyboardLayoutList
GetSystemMetrics
GetWindowRect

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 349B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

cb664df5fa904736e15ac44ff006d780

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ws2_32

advapi32

crypt32

gdi32

user32

Sections

.text Size: 212KB - Virtual size: 211KB

.data Size: 512B - Virtual size: 56B

.rdata Size: 12KB - Virtual size: 11KB

/4 Size: 36KB - Virtual size: 35KB

.bss Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

/14 Size: 512B - Virtual size: 88B

/29 Size: 8KB - Virtual size: 7KB

/41 Size: 512B - Virtual size: 349B

/55 Size: 1024B - Virtual size: 673B

/67 Size: 512B - Virtual size: 100B

/80 Size: 512B - Virtual size: 306B

.text
Size: 212KB - Virtual size: 211KB

.data
Size: 512B - Virtual size: 56B

.rdata
Size: 12KB - Virtual size: 11KB

/4
Size: 36KB - Virtual size: 35KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

/14
Size: 512B - Virtual size: 88B

/29
Size: 8KB - Virtual size: 7KB

/41
Size: 512B - Virtual size: 349B

/55
Size: 1024B - Virtual size: 673B

/67
Size: 512B - Virtual size: 100B

/80
Size: 512B - Virtual size: 306B