xtremerat | f0e35d7526ac18475f1cfcdd6c772a8c_JaffaCakes118 | Triage

Sharing

General

Target

f0e35d7526ac18475f1cfcdd6c772a8c_JaffaCakes118
Size

211KB
MD5

f0e35d7526ac18475f1cfcdd6c772a8c
SHA1

525a6d099216ae252d803f0e47806a55621e6d9e
SHA256

b9021561415bff1468c140ce32431baf1ee6f94aeacf450634f2b76232055438
SHA512

923ccad09ede28890165792c9229076ba55683efb989da85dea14048abed45abd8ca40af77d4a086f5701daabbcc6da415e0c737bb98029dfcf411b2a0c3ab0a
SSDEEP

6144:dqZ7oEYoRAQaUbRZH+CHRSwI7PTn422b4HuwIAXbPZcry+wNKevSK0b4EeU:da7TFUUbRMCf

Score

10^/10

xtremerat

Malware Config

Signatures

Detect XtremeRAT payload 1 IoCs

Processes:

resource yara_rule

sample family_xtremerat
Xtremerat family
xtremerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f0e35d7526ac18475f1cfcdd6c772a8c_JaffaCakes118

Files

f0e35d7526ac18475f1cfcdd6c772a8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

07c8682562ea9fbc8457d4646eb62903

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord666
__vbaAryDestruct
__vbaVarForInit
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaVarCat
ord645
_CIlog
__vbaFileOpen
__vbaNew2
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ