Trojan.MSIL.Stealer.CCE
Analysis Report
General information
| Family Name: | Trojan.MSIL.Stealer.CCE |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| File Version | 1.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 1.0.0.0 |
File Traits
- .NET
- 2+ executable sections
- GenKrypt
- HighEntropy
- x64
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 59 |
|---|---|
| Potentially Malicious Blocks: | 10 |
| Whitelisted Blocks: | 21 |
| Unknown Blocks: | 28 |
Visual Map
[Block classification grid. Legend: 0 - Probable Safe Block, ? - Unknown Block, x - Potentially Malicious Block]
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Encryption Used | |
| Anti Debug | |
| Other Suspicious | |