Report - 2555d50c-0b7e-4aa3-8d87-89be351aa8d4

Tags: Browser Login Data Stealer, Generic Malware, ASPack, Malicious Library, UPX, Antivirus, PE File, PE64, OS Processor Check
Created 2025.04.29 10:40 Machine s1_win7_x6403
Filename 2555d50c-0b7e-4aa3-8d87-89be351aa8d4
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score 2
Behavior Score 6.6
ZERO API file: malware
VT API (file) 47 detected (Malicious, score, Mikey, Unsafe, Vbw5, confidence, Attribute, HighConfidence, high confidence, AGen, MalwareX, Misc, alme, TrojanPSW, CLOUD, Nekark, ypcrh, Siggen3, AgentAGen, Static AI, Malicious PE, Detected, GrayWare, Wacapew, Egairtigado, ABPWS, SSZV, Artemis, Chgt, R002H09DS25, Gencirc, bSj1mpH8lMI, susgen)
md5 cb71fdc317894bb6cda7778b30307bec
sha256 181996ec86494d8aae335b97323821d36f5b4487fdd63ff1661156c48b9457cb
ssdeep 49152:R6eOE1Cuon57C2RQ+u+00zmXkXIYYSX2uq:/CauL0dkXhm
imphash 6db430c49e52626472381dd561730e7b
impfuzzy 96:dQ0+RzeJ6xaM2/fcg+PehWZloLtsBPaWE:dQniJ6xabWvy1

Signature (16cnts)

Level Description
danger File has been identified by 47 AntiVirus engines on VirusTotal as malicious
watch Attempts to access Bitcoin/ALTCoin wallets
watch Communicates with host for which no DNS query was performed
watch Creates a suspicious Powershell process
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Creates a suspicious process
notice Steals private information from local Internet browsers
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid)
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info Uses Windows APIs to generate a cryptographic key

Rules (10cnts)

Level Name Description Collection
danger infoStealer_browser_b_Zero browser info stealer binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Antivirus Contains references to security software binaries (download)
watch ASPack_Zero ASPack packed file binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1cnts)

Request CC ASN Co IP4 Rule ZERO
107.172.43.186 US AS-COLOCROSSING 107.172.43.186 clean

Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x140240020 CloseHandle
 0x140240028 WideCharToMultiByte
 0x140240030 LocalFree
 0x140240038 FormatMessageA
 0x140240040 ReadFile
 0x140240048 SizeofResource
 0x140240050 WaitForSingleObject
 0x140240058 UnmapViewOfFile
 0x140240060 GetTempPathA
 0x140240068 CopyFileA
 0x140240070 GetFileAttributesA
 0x140240078 CreateFileA
 0x140240080 LoadLibraryA
 0x140240088 MultiByteToWideChar
 0x140240090 DeleteFileA
 0x140240098 LoadResource
 0x1402400a0 FindResourceW
 0x1402400a8 GetProcAddress
 0x1402400b0 GetFileSize
 0x1402400b8 GetModuleHandleW
 0x1402400c0 CreateProcessA
 0x1402400c8 CreateDirectoryA
 0x1402400d0 CreateFileMappingW
 0x1402400d8 MapViewOfFile
 0x1402400e0 CreateFileW
 0x1402400e8 GetTempPathW
 0x1402400f0 TerminateProcess
 0x1402400f8 WriteFile
 0x140240100 WriteConsoleW
 0x140240108 SetStdHandle
 0x140240110 SetEnvironmentVariableW
 0x140240118 FreeEnvironmentStringsW
 0x140240120 GetEnvironmentStringsW
 0x140240128 LockResource
 0x140240130 GetLastError
 0x140240138 GetCommandLineW
 0x140240140 GetCommandLineA
 0x140240148 GetOEMCP
 0x140240150 GetACP
 0x140240158 IsValidCodePage
 0x140240160 GetTimeZoneInformation
 0x140240168 ReadConsoleW
 0x140240170 EnumSystemLocalesW
 0x140240178 GetUserDefaultLCID
 0x140240180 IsValidLocale
 0x140240188 GetLocaleInfoW
 0x140240190 LCMapStringW
 0x140240198 CompareStringW
 0x1402401a0 FlsFree
 0x1402401a8 FlsSetValue
 0x1402401b0 FlsGetValue
 0x1402401b8 FlsAlloc
 0x1402401c0 GetFileType
 0x1402401c8 SetFilePointerEx
 0x1402401d0 GetFileSizeEx
 0x1402401d8 FlushFileBuffers
 0x1402401e0 GetTickCount
 0x1402401e8 QueryPerformanceCounter
 0x1402401f0 GetSystemTime
 0x1402401f8 GetSystemTimeAsFileTime
 0x140240200 FreeLibrary
 0x140240208 SystemTimeToFileTime
 0x140240210 GetProcessHeap
 0x140240218 GetCurrentProcessId
 0x140240220 LockFileEx
 0x140240228 UnlockFile
 0x140240230 HeapDestroy
 0x140240238 HeapCompact
 0x140240240 HeapAlloc
 0x140240248 LoadLibraryW
 0x140240250 GetSystemInfo
 0x140240258 HeapReAlloc
 0x140240260 DeleteFileW
 0x140240268 WaitForSingleObjectEx
 0x140240270 FlushViewOfFile
 0x140240278 OutputDebugStringW
 0x140240280 GetFileAttributesExW
 0x140240288 GetDiskFreeSpaceA
 0x140240290 FormatMessageW
 0x140240298 Sleep
 0x1402402a0 HeapSize
 0x1402402a8 HeapValidate
 0x1402402b0 GetFileAttributesW
 0x1402402b8 CreateMutexW
 0x1402402c0 UnlockFileEx
 0x1402402c8 SetEndOfFile
 0x1402402d0 GetFullPathNameA
 0x1402402d8 SetFilePointer
 0x1402402e0 LockFile
 0x1402402e8 OutputDebugStringA
 0x1402402f0 GetDiskFreeSpaceW
 0x1402402f8 GetFullPathNameW
 0x140240300 HeapFree
 0x140240308 HeapCreate
 0x140240310 AreFileApisANSI
 0x140240318 RaiseException
 0x140240320 InitializeCriticalSection
 0x140240328 EnterCriticalSection
 0x140240330 LeaveCriticalSection
 0x140240338 TryEnterCriticalSection
 0x140240340 DeleteCriticalSection
 0x140240348 GetCurrentThreadId
 0x140240350 VirtualProtect
 0x140240358 GetLocaleInfoEx
 0x140240360 GetCurrentDirectoryW
 0x140240368 FindClose
 0x140240370 FindFirstFileW
 0x140240378 FindFirstFileExW
 0x140240380 FindNextFileW
 0x140240388 GetFileInformationByHandle
 0x140240390 GetFinalPathNameByHandleW
 0x140240398 SetFileInformationByHandle
 0x1402403a0 CopyFileW
 0x1402403a8 GetFileInformationByHandleEx
 0x1402403b0 WakeConditionVariable
 0x1402403b8 WakeAllConditionVariable
 0x1402403c0 SleepConditionVariableSRW
 0x1402403c8 GetExitCodeThread
 0x1402403d0 GetNativeSystemInfo
 0x1402403d8 GetStringTypeW
 0x1402403e0 ReleaseSRWLockExclusive
 0x1402403e8 AcquireSRWLockExclusive
 0x1402403f0 TryAcquireSRWLockExclusive
 0x1402403f8 InitializeCriticalSectionEx
 0x140240400 EncodePointer
 0x140240408 DecodePointer
 0x140240410 LCMapStringEx
 0x140240418 CompareStringEx
 0x140240420 GetCPInfo
 0x140240428 RtlCaptureContext
 0x140240430 RtlLookupFunctionEntry
 0x140240438 RtlVirtualUnwind
 0x140240440 UnhandledExceptionFilter
 0x140240448 SetUnhandledExceptionFilter
 0x140240450 GetCurrentProcess
 0x140240458 IsProcessorFeaturePresent
 0x140240460 IsDebuggerPresent
 0x140240468 GetStartupInfoW
 0x140240470 InitializeSListHead
 0x140240478 RtlUnwindEx
 0x140240480 RtlPcToFileHeader
 0x140240488 SetLastError
 0x140240490 InitializeCriticalSectionAndSpinCount
 0x140240498 TlsAlloc
 0x1402404a0 TlsGetValue
 0x1402404a8 TlsSetValue
 0x1402404b0 TlsFree
 0x1402404b8 LoadLibraryExW
 0x1402404c0 CreateThread
 0x1402404c8 ExitThread
 0x1402404d0 FreeLibraryAndExitThread
 0x1402404d8 GetModuleHandleExW
 0x1402404e0 ExitProcess
 0x1402404e8 GetModuleFileNameW
 0x1402404f0 GetStdHandle
 0x1402404f8 GetConsoleOutputCP
 0x140240500 GetConsoleMode
 0x140240508 RtlUnwind
ADVAPI32.dll
 0x140240000 SystemFunction036
SHELL32.dll
 0x140240518 SHGetFolderPathA
 0x140240520 SHGetKnownFolderPath
ole32.dll
 0x140240548 CoTaskMemFree
CRYPT32.dll
 0x140240010 CryptUnprotectData
WS2_32.dll
 0x140240530 WSAStartup
 0x140240538 WSACleanup

EAT (Export Address Table): none