rust-stealer-xss[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rust-stealer-xss.exe
Size

5.8MB
MD5

fd40ccbd0970b4d71b70e76f5c04446f
SHA1

e6f414a578294f2577dac6aa0f81ed05fdd2864d
SHA256

1b73e0f63312bea44a3e1977389c269143f872271903cfc2af98d165bbbcea70
SHA512

34cf6d74e6875feaa5f730157ebf1d758dce3e67cff119224c1d5a949f761857dab73953b9f5c98dd3b5143401597526550c74c81288172212908743321f2fa1
SSDEEP

49152:foV9jFtDhCJo454hxfyEqfHYFHFxQRknnNqaTsvNnhhQ9KJpgoWWWA52a43j9xTY:wDFT/bNqaQS9KJpusKI25Un+hW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rust-stealer-xss.exe

Files

rust-stealer-xss.exe
.exe windows:6 windows x64 arch:x64

0c51aa2a1062a69218306b9b32b10e1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rust_stealer_xss.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

ws2_32

accept
WSADuplicateSocketW
select
shutdown
send
getsockname
WSASend
WSARecv
recv
getpeername
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
bind
WSASocketW
getsockopt
connect
ioctlsocket
closesocket
WSAGetLastError
ntohs
WSAResetEvent
WSAWaitForMultipleEvents
__WSAFDIsSet
WSAIoctl
htonl
listen
htons
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
socket
WSASetLastError
WSACloseEvent

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CryptUnprotectData

secur32

QueryContextAttributesW
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
FreeContextBuffer
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

advapi32

RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
GetUserNameW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SystemFunction036
RegQueryValueExW

kernel32

SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetFileSize
FlushFileBuffers
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
MoveFileExA
Sleep
GetTickCount
GetEnvironmentVariableA
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetTempPathA
CloseHandle
GetLastError
GetUserPreferredUILanguages
GetTickCount64
GetLogicalDrives
GetFileInformationByHandleEx
SetFileInformationByHandle
SwitchToThread
DeleteFileW
GetComputerNameExW
LoadLibraryExW
GetProcAddress
FreeLibrary
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
GetModuleHandleW
GetProcessHeap
HeapFree
HeapReAlloc
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
SetLastError
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
lstrlenW
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
WideCharToMultiByte
GetStdHandle
GetConsoleMode
GetConsoleOutputCP
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetEnvironmentVariableW
GetModuleHandleA
QueryPerformanceFrequency
FormatMessageW
GetSystemInfo
GetTempPathW
GetFullPathNameW
CreateFileW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileExW
FindClose
SetHandleInformation
CreateThread
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
CopyFileExW
OpenProcess
ReadProcessMemory
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GlobalMemoryStatusEx
PostQueuedCompletionStatus
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepEx
EnterCriticalSection

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysAllocStringLen
SafeArrayUnaccessData
SysAllocString
VariantClear
SafeArrayAccessData

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum

ntdll

RtlNtStatusToDosError
NtQuerySystemInformation
RtlGetVersion
NtCancelIoFileEx
NtQueryInformationProcess
NtDeviceIoControlFile
NtReadFile
NtWriteFile
NtOpenFile
NtCreateFile

user32

GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors

gdi32

GetDeviceCaps
GetObjectW
CreateDCW
DeleteDC
GetDIBits
StretchBlt
CreateCompatibleDC
SetStretchBltMode
SelectObject
CreateCompatibleBitmap
DeleteObject

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoInitializeEx

shell32

CommandLineToArgvW
SHGetKnownFolderPath

bcrypt

BCryptGenRandom

psapi

GetModuleFileNameExW
GetPerformanceInfo

pdh

PdhCloseQuery
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData
PdhRemoveCounter

powrprof

CallNtPowerInformation

vcruntime140

__current_exception
__C_specific_handler
strstr
memchr
strrchr
strchr
memcmp
memmove
__CxxFrameHandler3
memset
memcpy
__current_exception_context

api-ms-win-crt-string-l1-1-0

wcslen
strcmp
strlen
_strdup
wcsncpy
strncpy
wcsncmp
wcscpy
strpbrk
strcspn
strspn
strncmp
strcpy

api-ms-win-crt-math-l1-1-0

pow
_fdopen
__setusermatherr
_dclass
log

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_seh_filter_exe
_endthreadex
_beginthreadex
__sys_nerr
_initialize_narrow_environment
__sys_errlist
_get_initial_narrow_environment
_errno
_initterm
_initterm_e
exit
_exit
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_cexit
_c_exit

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
wcstombs
mbstowcs
strtoul
strtol

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputs
ftell
fseek
fclose
__stdio_common_vsprintf
fopen
_open
fputc
_fseeki64
_set_fmode
_read
fgets
_close
_lseeki64
fflush
_write
__acrt_iob_func
fread
fwrite
_fileno
feof

api-ms-win-crt-heap-l1-1-0

free
realloc
calloc
malloc
_set_new_mode
_msize

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64
strftime
_time64

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64
_fstat64
_fullpath

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c51aa2a1062a69218306b9b32b10e1c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ws2_32

crypt32

secur32

advapi32

kernel32

oleaut32

iphlpapi

netapi32

ntdll

user32

gdi32

ole32

shell32

bcrypt

psapi

pdh

powrprof

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 27KB - Virtual size: 31KB

.pdata Size: 114KB - Virtual size: 114KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 27KB - Virtual size: 31KB

.pdata
Size: 114KB - Virtual size: 114KB

.reloc
Size: 44KB - Virtual size: 44KB