Trojan.Stealer.CLA

By CagedTech in Stealers, Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Stealer.CLA
Signature status:	Self Signed

Known Samples

MD5: 50e4842ea92f74b2c82426ff562e2ccd

SHA1: 77791214b5dd1e05606895983e086aef6cb56e37

SHA256: 1D30213F461B5A48B7B230C926F8D83455B0EDC4AB636140170F7B86C2EDB3CC

File Size: 4.76 MB, 4758688 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
File Version	1, 0, 0, 3
Internal Name	WizSvcUt
Legal Copyright	Copyright (C) 2015
Original Filename	WizSvcUt.exe
Product Name	WizSvcUt Application
Product Version	1, 0, 0, 3

Digital Signatures

Signer	Root	Status
WIZVERA Co., Ltd.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed

File Traits

2+ executable sections
x86

Block Information

Total Blocks:	5,089
Potentially Malicious Blocks:	1,752
Whitelisted Blocks:	3,337
Unknown Blocks:	0

Visual Map

0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x 0 x x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 0 3 1 1 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 3 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 2 2 0 0 1 0 0 0 1 1 0 1 0 0 0 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 1 1 1 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 x 0 0 x x 0 0 0 x 0 0 0 x 0 0 0 x x x 0 0 0 0 0 0 x 0 x x x x 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 x 0 0 0 0 0 x 0 x 0 x x x 0 0 0 x x x 0 x x 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 x x x 0 x x 0 0 0 0 x 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 x 0 0 0 0 x 0 0 x 0 x 0 0 0 0 x x 0 0 0 0 x x x x 0 0 0 0 x x x 0 x x 0 x x x x x 0 x 0 x x x x x x 0 0 0 0 x 0 0 0 0 0 0 x x x x x x x x x x x x x 0 x x x x x x x x 0 0 0 0 x 0 x 0 0 0 0 x 0 0 0 x x 0 0 0 0 x 0 x 0 x 0 0 x 0 x 0 x x x x x x x x 0 x 0 0 0 0 x x x x 0 x 0 0 0 0 0 0 x 0 0 x x 0 x x x x x 0 0 0 0 0 x x x x 0 x x x 0 0 0 x x x x x x 0 x x x 0 x x 0 x x x x x x x 0 x x x x x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x x x x x x 0 x 0 x x x 0 x 0 x 0 x 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x 0 x 0 x x x x 0 0 0 0 x x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 x 0 x x x x 0 0 0 0 x x 0 x 0 x 0 0 x 0 0 0 0 0 x 0 x x 0 0 x 0 0 0 0 x x 0 x 0 x x x x x x 0 0 0 x 0 x 0 x 0 x 0 0 x 0 0 0 0 x 0 x 0 x x 0 0 0 0 0 0 0 x 0 x 0 x 0 0 x 0 0 x 0 0 x x 0 0 x x x x 0 x x 0 0 x x x 0 0 x 0 0 0 0 x x 0 x 0 0 x x 0 x 0 0 x 0 x x 0 0 x x 0 x 0 x x x x x 0 0 x 0 x 0 0 0 x x 0 0 0 0 0 x x 0 x x 0 x 0 x x x x x x 0 x x x x x x x x x 0 x x x x x x x x 0 x x x 0 x x x x x x x x x x x x x x x x 0 x x x 0 x x 0 x x x x 0 0 x 0 0 x x 0 x x x x x 0 x x x x 0 0 x x 0 x 0 x x x 0 x x x 0 x 0 0 0 x x x 0 0 0 0 0 0 0 0 0 x x 0 0 0 x 0 x 0 0 0 0 x 0 x 0 x 0 x x 0 x x x 0 x 0 0 x 0 0 0 x 0 x x 0 x x x x 0 0 x 0 x x 0 x 0 x 0 x x 0 x x x x x x 0 0 x x 0 x 0 0 0 0 x x x 0 0 x x x 0 0 0 x 0 0 0 x 0 x 0 x 0 x 0 0 0 x x 0 0 x 0 0 x x 0 x x x 0 x 0 x 0 0 0 x 0 x 0 x 0 0 0 x x 0 x 0 0 0 0 x x x x 0 0 x 0 0 0 x 0 0 0 0 0 0 x x 0 x x 0 x x x 0 0 x x 0 0 x 0 x 0 x x x x 0 x 0 0 0 x 0 0 x x 0 0 0 x 0 x 0 0 x 0 0 x 0 x 0 x x x 0 x x 0 0 x x x x x x x 0 x x 0 0 0 x x x x x 0 0 x x 0 x 0 x x x x 0 0 x x 0 0 0 x x 0 0 0 0 x x x 0 0 x 0 x x x 0 x 0 0 x x 0 x 0 0 x x 0 0 x x x 0 x 0 x 0 0 x 0 x 0 x x 0 x 0 x x 0 0 x 0 x 0 x x x x 0 x 0 0 x x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 x x x 0 x 0 x x x 0 0 x 0 x x 0 0 x 0 x 0 x 0 x x x 0 0 x 0 x 0 0 x 0 0 0 0 0 x 0 0 0 0 0 x x x x x 0 x x x 0 x x

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Stealer.CLA

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Stealer.CLA

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Submit Comment

Trending

Turtle Vote Rewards

Researchers Find 230,000 New Malware Threats Each...

Threat Nuker

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen