marsstealer | be8ca35106aa04901e662c488cfa5da2_JaffaCakes118 | Triage

Sharing

General

Target

be8ca35106aa04901e662c488cfa5da2_JaffaCakes118
Size

95KB
MD5

be8ca35106aa04901e662c488cfa5da2
SHA1

d99f21640a593a01e8934cc07b9babcecc6dcca3
SHA256

2d6bd362e2db48ffcc87b5d408b788becf7ba0205834e036002f25e6f5a81e8a
SHA512

5a64b333a87f607e6deb38fff7c88135285edf6cf2f0d034e96f7ff98fc989e24db873c4490132e68cc5f052e479161f54152c29cd6ea7637a76af46755e83ed
SSDEEP

1536:HWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUU3jy0f:HWTHVn8TXvc4O3CFvlaSED1Pjj/f

Score

10^/10

marsstealer

Malware Config

Signatures

Marsstealer family
marsstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
be8ca35106aa04901e662c488cfa5da2_JaffaCakes118

Files

be8ca35106aa04901e662c488cfa5da2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4c665f81387442ad965e3f4eba69f083

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strstr
strncpy
getenv
rand
srand
_mbsicmp
_putenv
strtok
memcpy
memset

Sections

.text
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LLCPPC
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LLCPPC
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE