Trojan.Stealer.CLA

By CagedTech in Stealers, Trojans

Analysis Report

General information

Family Name: Trojan.Stealer.CLA
Signature status: Self Signed

Known Samples

MD5: 50e4842ea92f74b2c82426ff562e2ccd
SHA1: 77791214b5dd1e05606895983e086aef6cb56e37
SHA256: 1D30213F461B5A48B7B230C926F8D83455B0EDC4AB636140170F7B86C2EDB3CC
File Size: 4.76 MB, 4758688 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

File Version: 1, 0, 0, 3
Internal Name: WizSvcUt
Legal Copyright: Copyright (C) 2015
Original Filename: WizSvcUt.exe
Product Name: WizSvcUt Application
Product Version: 1, 0, 0, 3

Digital Signatures

Signer: WIZVERA Co., Ltd.
Root: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Status: Self Signed

File Traits

  • 2+ executable sections
  • x86

Block Information

Total Blocks: 5,089
Potentially Malicious Blocks: 1,752
Whitelisted Blocks: 3,337
Unknown Blocks: 0

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Stealer.CLA
