strela | 3e1b475608a0f58b4f611025edbcb99b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3e1b475608a0f58b4f611025edbcb99b_JaffaCakes118
Size

5.4MB
MD5

3e1b475608a0f58b4f611025edbcb99b
SHA1

987e3e93bd65b4e17d341fe2c7986fa596249b33
SHA256

ef5a4eb40733a378ba1dbfdeeecbcd0ba776d1fe7c293a703ee1431cc2a5f248
SHA512

67acaf217150b3a073018c83614c61e8c9b2d58ce4ab849b3973d1eb024d9227aa8200caa9348b3313b3d43ea5c66bdd5e582d0b2e24fa64b672afe7361025c3
SSDEEP

49152:OQJ3vdwlU0AP5kdYTDuvFFrj1qWsWG9Adva5yheSWYJ0q:74U0AP5GYTMFFrc0va5yheSWYJ0q

Score

10^/10

upx strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e1b475608a0f58b4f611025edbcb99b_JaffaCakes118

Files

3e1b475608a0f58b4f611025edbcb99b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a7f8884626ef9befdd0d25d0b96ff69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetContext
ImmGetCompositionStringA
ImmAssociateContext
ImmReleaseContext

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
MultiByteToWideChar
WaitForSingleObject
ResumeThread
Sleep
IsBadWritePtr
IsBadReadPtr
lstrlenA
DeleteFileA
CopyFileA
SetFileAttributesA
GetFileAttributesA
MulDiv
WideCharToMultiByte
lstrcpyA
GetPrivateProfileIntA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FreeLibrary
CloseHandle
WriteProcessMemory
OpenProcess
GetProcAddress
LoadLibraryA
MoveFileA
OpenSemaphoreA
GetLastError
CreateMutexA
GetTempPathA
GetPrivateProfileStringA
GetDriveTypeA
GetTempFileNameA
LockResource
LoadResource
FindResourceA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetTickCount
WritePrivateProfileStringA
RemoveDirectoryA
GlobalFree
LocalFree
CreateDirectoryA
GlobalAlloc
GlobalUnlock
GlobalLock
GetWindowsDirectoryA
GetVersionExA
GetVolumeInformationA
GetLocalTime
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileA
VirtualAlloc
VirtualFree
LocalAlloc
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapCreate
HeapDestroy
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
InterlockedIncrement
InterlockedDecrement
SetEvent
SetThreadPriority
SuspendThread
CreateEventA
lstrcpynA
FormatMessageA
SetLastError
lstrlenW
lstrcmpA
GlobalSize
GlobalReAlloc
GetCurrentThread
ReleaseMutex
GetFullPathNameA
SetFileTime
GetDiskFreeSpaceA
GetProfileIntA
LocalFileTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetProcessVersion
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetCPInfo
GetOEMCP
SizeofResource
FindResourceExA
FileTimeToLocalFileTime
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
GetACP
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
CreateThread
ExitThread
SetStdHandle
GetFileType
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
IsBadCodePtr

user32

IsWindow
SetFocus
AdjustWindowRectEx
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
CallWindowProcA
GetMessageTime
GetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
GetWindowPlacement
DeferWindowPos
DefWindowProcA
WindowFromPoint
IsChild
wvsprintfA
wsprintfA
DrawFocusRect
GetIconInfo
CopyImage
DrawTextA
DrawEdge
CreateIcon
DrawIconEx
FillRect
DestroyIcon
OpenClipboard
GetClipboardData
CloseClipboard
ModifyMenuA
AdjustWindowRect
EnumChildWindows
GetDCEx
GetMessageA
LoadBitmapA
ShowScrollBar
GetMessagePos
IsWindowVisible
EnumWindows
GetPropA
ShowWindow
SetForegroundWindow
MessageBoxA
TranslateAcceleratorA
SystemParametersInfoA
LoadIconA
GetMenuState
DeleteMenu
SetParent
GetLastActivePopup
RemovePropA
RegisterWindowMessageA
SetPropA
RemoveMenu
GetMenu
KillTimer
GetDesktopWindow
SetTimer
IntersectRect
EqualRect
GetAsyncKeyState
LoadMenuA
GetSubMenu
CheckMenuItem
GetKeyState
UnregisterClassA
HideCaret
ShowCaret
SendDlgItemMessageA
ExcludeUpdateRgn
DefDlgProcA
CharNextA
IsWindowUnicode
GetDlgCtrlID
ValidateRect
GetActiveWindow
DestroyMenu
CountClipboardFormats
IsClipboardFormatAvailable
RegisterClipboardFormatA
ClientToScreen
SetRectEmpty
IsRectEmpty
InflateRect
LoadCursorA
SetCursor
ReleaseCapture
SetCapture
GetDC
ReleaseDC
CopyRect
GetFocus
GetCursorPos
ScreenToClient
PtInRect
GetCapture
GetSysColor
UpdateWindow
InvalidateRect
PeekMessageA
TranslateMessage
DispatchMessageA
MapWindowPoints
MessageBeep
SendMessageA
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
IsWindowEnabled
SetMenuItemBitmaps
GetWindowThreadProcessId
GetMenuCheckMarkDimensions
GetNextDlgTabItem
EnableWindow
GetClientRect
SetRect
OffsetRect
LoadImageA
GetParent
GetSystemMenu
EnableMenuItem
SetActiveWindow
PostMessageA
IsIconic
IsZoomed
GetWindowRect
GetSystemMetrics
AppendMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
MapDialogRect
GetTabbedTextExtentA
PostThreadMessageA
GetClassNameA
LockWindowUpdate
GetSysColorBrush
CharUpperA
DestroyCursor
LoadStringA
PostQuitMessage
InvertRect
ShowOwnedPopups
FindWindowA
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
EndDialog
LoadAcceleratorsA
CreateDialogIndirectParamA

gdi32

GetTextMetricsA
GetTextExtentPoint32A
CreateFontIndirectA
CreateRectRgnIndirect
CreateDIBitmap
GetTextExtentPointA
GetWindowOrgEx
GetCharWidthA
GetTextFaceA
GetROP2
GetTextAlign
GetPolyFillMode
GetStretchBltMode
GetNearestColor
CopyMetaFileA
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
GetViewportOrgEx
CreateDCA
LPtoDP
DPtoLP
SetRectRgn
PatBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetCurrentPositionEx
SetTextAlign
IntersectClipRect
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
StartDocA
CreateBitmap
GetClipBox
SetDIBitsToDevice
OffsetClipRgn
StretchDIBits
SetDIBits
Pie
SetPolyFillMode
Polygon
Ellipse
SetROP2
SelectClipRgn
CreateDIBSection
GetDIBits
SetTextColor
GetTextColor
SetBkColor
GetBkColor
SetBkMode
GetBkMode
SetStretchBltMode
StretchBlt
MoveToEx
LineTo
CreateCompatibleBitmap
ExtCreatePen
CreateSolidBrush
Rectangle
CreateRectRgn
CreatePen
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CombineRgn
OffsetRgn
InvertRgn
GetStockObject
GetObjectA
EnumFontFamiliesExA
GetDeviceCaps
DeleteObject

comdlg32

PrintDlgA
GetFileTitleA
GetOpenFileNameA
CommDlgExtendedError
ChooseFontA
GetSaveFileNameA
ChooseColorA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid
GetFileSecurityA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey
SetFileSecurityA

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetFileInfoA
SHGetMalloc
ExtractIconA

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_Add
ImageList_Draw
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

OleDuplicateData
CoTaskMemAlloc
CoFreeUnusedLibraries
OleInitialize
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
ReleaseStgMedium
CoTaskMemFree
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleUninitialize
CoRevokeClassObject

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a7f8884626ef9befdd0d25d0b96ff69

Headers

File Characteristics

Imports

imm32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 232KB - Virtual size: 231KB

.data Size: 48KB - Virtual size: 87KB

.rsrc Size: 3.8MB - Virtual size: 3.8MB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 232KB - Virtual size: 231KB

.data
Size: 48KB - Virtual size: 87KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.UPX0
Size: 104KB - Virtual size: 252KB