1626bb1b4b55c939d9b8aef29c046954_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1626bb1b4b55c939d9b8aef29c046954_JaffaCakes118
Size

80KB
MD5

1626bb1b4b55c939d9b8aef29c046954
SHA1

d67ef8adf006d12fc0e9a4f0364f86cefb472ab3
SHA256

aeba349e91020e360b1580ba340ece449fcac12f7c0b52eba212478cab42fd26
SHA512

bd2f8581037ce887a61f32fd229cbce8a6b15600bc42fdb6d7d5bb63f3a2509dc116752ebe5f7dbfaa4236cc8bd6bfe140a79d08f4ca17f16781b24768a01693
SSDEEP

1536:UukW9N3EbRRL3t9VSDCQmStLeek1y/ht8Pb/V3Cv/Oi/6vJHDAU:UukW9N3ERRLk+QxtLLncD/xCvGhv1AU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AuraStealer.exe

Files

1626bb1b4b55c939d9b8aef29c046954_JaffaCakes118
.rar
AuraStealer.exe
.exe windows:4 windows x86 arch:x86

1ef7c63e2cdd2f433b198907ecd9aec1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaAryMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaPutOwner3
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaStrMove
__vbaPutFxStr4
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ