Behavioral task: behavioral1
Sample: EJ.Technologies.Exe4j.v4.1.1.Incl.Keygen-FALLEN.exe
Resource: win7-20240705-en
General
Target: 763c44d707064859ff43277d050f4f22_JaffaCakes118
Size: 26KB
MD5: 763c44d707064859ff43277d050f4f22
SHA1: e52ce08937242f73b6f499317337ac32e2bb612b
SHA256: cf9c0a6ab39988bae7ef8605aa854f63d5c61f55367d5cc382e4c28c4b6ad095
SHA512: 89c98bf78e6d831d2991716b236d507004955db686df641cf77f0b9f1e463ef234a03682095e2b380b53a81ff5e3a930925b686d1c7a5abb09a0dac51c323ffd
SSDEEP: 768:WzFWWSwMop2uMqPGSq9m7ctdrH/oE3L2X7CwqQV21RC+eT4txgS:WhWlRop2FF7ffLGFqI3OtxgS
Malware Config
Signatures
-
ISR Stealer payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/EJ.Technologies.Exe4j.v4.1.1.Incl.Keygen-FALLEN.exe family_isrstealer -
Isrstealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/EJ.Technologies.Exe4j.v4.1.1.Incl.Keygen-FALLEN.exe
Files
-
763c44d707064859ff43277d050f4f22_JaffaCakes118.rar
-
EJ.Technologies.Exe4j.v4.1.1.Incl.Keygen-FALLEN.exe.exe windows:4 windows x86 arch:x86
4547bdcd0c3c952cce7b1290dd98f06f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
Sections
.text Size: 68KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ