rust-stealer-xss[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rust-stealer-xss.exe
Size

5.4MB
MD5

93bc030335eafdd605be09d604e99d14
SHA1

2091d33f3d21681f292ba966fc2f052d8659769c
SHA256

431daed46a99f7f60d0c8d9c312ff5ba58f870951f574e09c77f904ce503aa77
SHA512

af6a8449623c216c52586e277a0f5fbb763967014691abed31ece343ab84de322e6c5f6fdc32f9d694b9885b8d0bee78525e51b62628f289282819dd824b111e
SSDEEP

49152:dVLnDkDGAAJW8z+AicuD1UN2et2LIwkXqt6sLj20Fd4Mxg5sAr38N3TNBbdA52aZ:TDwxsGmh06siqgCAQFclh+WCqj1pn++

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rust-stealer-xss.exe

Files

rust-stealer-xss.exe
.exe windows:6 windows x64 arch:x64

59525c1f071c43fbc3629d71ec941fbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rust_stealer_xss.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

ws2_32

htons
accept
shutdown
WSASend
send
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
bind
WSASocketW
getsockopt
connect
ioctlsocket
closesocket
WSAIoctl
getsockname
WSAGetLastError
socket
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
getpeername
WSAResetEvent
WSAWaitForMultipleEvents
__WSAFDIsSet
select
htonl
WSASetLastError
listen
ntohs

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CryptUnprotectData

secur32

QueryContextAttributesW
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
FreeContextBuffer
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

advapi32

RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
GetUserNameW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SystemFunction036
RegQueryValueExW

kernel32

SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetFileSize
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
MoveFileExA
Sleep
GetTickCount
GetEnvironmentVariableA
GetSystemDirectoryA
DeleteCriticalSection
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
HeapSize
CloseHandle
GetLastError
GetUserPreferredUILanguages
GetTickCount64
GetLogicalDrives
GetComputerNameExW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetFileInformationByHandleEx
DeleteFileW
SetFileInformationByHandle
SwitchToThread
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
GetProcessHeap
HeapFree
HeapReAlloc
GetModuleHandleW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
SetHandleInformation
SetLastError
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
lstrlenW
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
WideCharToMultiByte
GetStdHandle
GetConsoleMode
GetConsoleOutputCP
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetEnvironmentVariableW
GetModuleHandleA
QueryPerformanceFrequency
FormatMessageW
GetSystemInfo
GetTempPathW
GetFullPathNameW
CreateFileW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileExW
FindClose
CreateThread
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
CopyFileExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
ReadProcessMemory
VirtualQueryEx
OpenProcess
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GlobalMemoryStatusEx
PostQueuedCompletionStatus
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx

oleaut32

SysFreeString
VariantClear
SysAllocString
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayGetUBound

iphlpapi

GetIfTable2
FreeMibTable
GetIfEntry2

netapi32

NetUserGetLocalGroups
NetUserEnum
NetApiBufferFree

user32

GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors

gdi32

CreateCompatibleDC
DeleteDC
CreateDCW
SetStretchBltMode
DeleteObject
CreateCompatibleBitmap
SelectObject
StretchBlt
GetDeviceCaps
GetDIBits
GetObjectW

ntdll

NtWriteFile
NtQueryInformationProcess
RtlGetVersion
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
NtOpenFile
NtReadFile
NtQuerySystemInformation
RtlNtStatusToDosError

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance

shell32

CommandLineToArgvW
SHGetKnownFolderPath

bcrypt

BCryptGenRandom

psapi

GetPerformanceInfo
GetModuleFileNameExW

pdh

PdhCollectQueryData
PdhAddEnglishCounterW
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCloseQuery

powrprof

CallNtPowerInformation

vcruntime140

__current_exception
__C_specific_handler
strstr
memchr
strrchr
strchr
memcmp
memmove
__CxxFrameHandler3
memset
memcpy
__current_exception_context

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strspn
_strdup
wcsncpy
strncmp
strcpy
wcslen
strlen
strcspn
wcsncmp
wcscpy
strpbrk

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
_dclass
log
_fdopen

api-ms-win-crt-runtime-l1-1-0

_errno
_endthreadex
_seh_filter_exe
__sys_errlist
_c_exit
_beginthreadex
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm_e
exit
_register_thread_local_exe_atexit_callback
__sys_nerr
_cexit
__p___argv
__p___argc
_exit

api-ms-win-crt-convert-l1-1-0

strtoll
mbstowcs
wcstombs
atoi
strtol
strtoul

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputs
feof
_read
_write
_fileno
_close
_set_fmode
_open
ftell
fseek
fgets
fflush
fclose
_lseeki64
fopen
__stdio_common_vsprintf
__acrt_iob_func
fread
fwrite
fputc
_fseeki64

api-ms-win-crt-heap-l1-1-0

malloc
_msize
free
realloc
_set_new_mode
calloc

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_localtime64_s
_time64

api-ms-win-crt-filesystem-l1-1-0

_unlink
_fstat64
_stat64
_fullpath

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59525c1f071c43fbc3629d71ec941fbd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ws2_32

crypt32

secur32

advapi32

kernel32

oleaut32

iphlpapi

netapi32

user32

gdi32

ntdll

ole32

shell32

bcrypt

psapi

pdh

powrprof

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 27KB - Virtual size: 31KB

.pdata Size: 107KB - Virtual size: 107KB

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 27KB - Virtual size: 31KB

.pdata
Size: 107KB - Virtual size: 107KB

.reloc
Size: 43KB - Virtual size: 42KB