isrstealer | 26157ddd8fa096313b0d782d5662b0db_JaffaCakes118 | Triage

Sharing

General

Target

26157ddd8fa096313b0d782d5662b0db_JaffaCakes118
Size

26KB
MD5

26157ddd8fa096313b0d782d5662b0db
SHA1

5eb91671c341638d6a8be9ea2ab5ef1ff431c84d
SHA256

850c3649d071cd42987b643455e6390722922723c1cc15089b3eea6ead638a5a
SHA512

8df5509ea0b2f6e5a343a817ea6ea11c4bd8bb9138c514e618dc5c0d0cc609814c2caf79669e03f89660d439cf229242e3b726fb8c8b11f38ccc0f000665b7d3
SSDEEP

768:uzFWWSwMop2uMqPGSq9m7ctdrH/oE3L2X7CwqQV21RC+eT4txgS:uhWlRop2FF7ffLGFqI3OtxgS

Score

10^/10

isrstealer

Malware Config

Signatures

ISR Stealer payload 1 IoCs

resource	yara_rule
static1/unpack001/East-Tec.All.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.exe	family_isrstealer

Isrstealer family
isrstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/East-Tec.All.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.exe

Files

26157ddd8fa096313b0d782d5662b0db_JaffaCakes118
.rar
East-Tec.All.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.exe
.exe windows:4 windows x86 arch:x86

4547bdcd0c3c952cce7b1290dd98f06f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord517
ord518
ord519
ord661
ord666
ord667
ord592
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord561
DllFunctionCall
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord716
ord717
ProcCallEngine
ord537
ord644
ord538
ord645
ord648
ord570
ord571
ord572
ord681
ord100
ord579
ord616
ord617
ord618
ord619
ord650
ord581

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ