Multi-License Discount Quote

Change Region

English
Threat Database Stealers Trojan.Stealer.ACC

Trojan.Stealer.ACC

By CagedTech in Stealers, Trojans

Threat Scorecard

Popularity Rank: 14,220
Threat Level: 80 % (High)
Infected Computers: 3,951
First Seen: December 14, 2022
Last Seen: April 9, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Stealer.ACC
Signature status: No Signature

Known Samples

MD5: 20daa2b56acc915bc90dcaa868bfa31b
SHA1: ac74248163d757ee4da551f8cc5ebeda7745a97e
SHA256: 0B586F16BA08538D8779A08B19004993F2BAD1AA936EF2E75899C24133309357
File Size: 577.02 KB, 577024 bytes
MD5: 1fcee4db261a54db1ef511a4dd776ace
SHA1: 52b2238b9b08bb26c3511f26d95bc58d5b1373bb
SHA256: E7885E82D3E17E921144B8E098B96CA8DC091B92355F60954CC5C62A46211ECA
File Size: 254.46 KB, 254464 bytes
MD5: 50fc6559127c76fc8112f9dab70f1b8f
SHA1: ada27ed2eed21562667ce9c4c8ca3712d2c194c7
SHA256: 4B1B9E1ED0EFA52E4663F9247477C273166481FDD8E639CAE35C4909DE3566D9
File Size: 254.46 KB, 254464 bytes
MD5: c09a98923a69222bcca1bc1490e1e4fa
SHA1: 3d3a91f71b1820260145db0c9cf9007d701de398
SHA256: 47025AE589009308160E1135BA486E9B10BD2E7E237F09F0622056EDD83333E0
File Size: 563.79 KB, 563792 bytes
MD5: 946a9cc6b501d993a108c90ef7d0930d
SHA1: c98aa812a271c9c78017c2c90b60a97ae13df9cf
SHA256: BF24277400CC453D530E4277D3BD24E96C5E409ADEF6970518BDC59205AA0241
File Size: 625.66 KB, 625664 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer Root Status
NVIDIA Corporation DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch

File Traits

  • fptable
  • HighEntropy
  • No Version Info
  • packed
  • x86

Block Information

Total Blocks: 1,947
Potentially Malicious Blocks: 331
Whitelisted Blocks: 1,496
Unknown Blocks: 120

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 x 0 x ? 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x x x x x x x ? ? 0 0 0 x ? 0 0 0 0 x x x x x x x 0 0 0 0 0 0 ? 0 0 x 0 x 0 ? 0 ? x 0 0 x x x x 0 0 x x 0 0 0 0 0 0 x x x x x 0 x x x x 0 x ? 0 x x x x 0 0 0 0 0 0 0 x 0 0 x x x x x 0 x ? x x x x x ? 0 0 ? 0 x x x x 0 x x x x x x x x x x x 0 x x x x x x 0 x x x 0 x x 0 0 0 0 0 0 x 0 x x x x 0 0 x x x 0 x x x x 0 0 0 0 0 0 x 0 x x x x x x x x x ? 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 x 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 ? 0 0 0 x 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 x x 0 x 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 ? x 0 ? 0 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 x x x x x 0 ? ? x ? 0 x 0 0 0 x x x ? 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 0 x x x 0 x x 0 0 0 0 x 0 x x 0 x x 0 x 0 0 0 0 x 0 0 ? x x x x x x 0 0 0 0 0 x x 0 0 x x x x 0 0 x x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 x x x x ? 0 x x 0 x 0 x x ? x x x x x x x x x x 0 x x 0 0 x 0 x 0 0 0 0 0 x x 0 x x x x ? 0 0 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 ? x 0 0 0 x 0 0 ? 0 0 x 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 ? 0 ? x 0 ? 0 ? 0 0 0 x x 0 0 x 0 0 0 x 0 x x x x ? 0 ? 0 0 0 x ? 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 1 0 1 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 3 1 1 1 0 1 1 0 0 0 0 0 2 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 2 2 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 1 1 0 0 0 0 0 0 0 x 0 ? ? x x x ? ? 0 0 ? ? 0 0 ? ? ? 0 x 0 ? ? ? ? ? x ? ? 0 ? x ? ? x x x x x ? ? ? 0 ? x x ? 0 ? x ? ? 0 ? x ? ? 0 x x ? 0 x 0 ? ? ? ? ? x x x x x x 0 0 x x x x x x x x x x x x x x x x x ? x x x x x ? x ? ? x x x x x ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? x x x x ? x x x x x x x x x x x x x ? x x x ? x x x x x x x x x x 0 x x x x x ? x ? ? ? ? ? ? x x x x x ? x x x x x x x x x x 0 0 0 x x x x x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.FGDC
  • Trojan.Kryptik.Gen.ACU

Files Modified

File Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\4b56126fa52f7db9080f75930f649bfa Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7ad406287e052ecab43951c39e0cdbf1 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\4b56126fa52f7db9080f75930f649bfa Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7ad406287e052ecab43951c39e0cdbf1 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\systemcertificates\ca\certificates\f9388ea2c9b7d632b66a2b0b406df1d37d3901f6::blob RegNtPreCreateKey
HKCU\software\microsoft\systemcertificates\ca\certificates\626d44e704d1ceabe3bf0d53397464ac8080142c::blob 浢턄ꯎ뿣匍琹걤肀Ⱄ耏ᱡㆂ핡⠯跧㡆Ⲵ웡炐出෠ᯎﶮᛐ繈 ߪꝾﶥ蘋頡掀愵৖㇎颳邴庐苖盤˜컱经Ṭ汵Ϙ⛶\ࠀ㨏✅䋒ⷞ軉ﱜ Ӭ舰舰퀃ΠĂȂȐ⹴ឪ車육묗ﰟ೽゠؍⨉ RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetUserName
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetReadFile
  • InternetSetOption
Network Winhttp
  • WinHttpOpen
Process Manipulation Evasion
  • NtUnmapViewOfSection

Trending

Most Viewed

Loading...