strela | de5fb5d7296e9233c4061298eee49a2d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de5fb5d7296e9233c4061298eee49a2d_JaffaCakes118
Size

4.7MB
MD5

de5fb5d7296e9233c4061298eee49a2d
SHA1

5653435cb9c5cf5fe753bc9a636354c9866eb645
SHA256

f55b8b4889e866801f86fecbca67b283e81d4634c87d50ea391c845092eecf18
SHA512

a5ee228a7537847c7189e022d16568ff45c17a7313ab47c6bd6d88ba17447857db16fbf220300ad59c23c2e8a37c94878888f42ef84f154cbdb653794d3af608
SSDEEP

49152:+We/yiQNLEMR5aJSoQk/s+K7iK2g9Df4N+rMaMMfZiCzMWkFrZggggMH4ATar8b2:+Yf5Gf/s5iK2g1f4NWuCzMW4CiEtpM

Score

10^/10

strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de5fb5d7296e9233c4061298eee49a2d_JaffaCakes118

Files

de5fb5d7296e9233c4061298eee49a2d_JaffaCakes118
.dll windows:6 windows x86 arch:x86

1c645e4d45ca218736490fc7e338154d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\AVEngine\main\branches\6.x\6.4\trunk\FortiAVEngine\corelib\Win32\Release\libav\libav.pdb

Imports

imagehlp

ImageNtHeader

kernel32

GetTickCount
GetCurrentProcessId
GetTempFileNameA
InitializeCriticalSection
DeleteCriticalSection
VirtualProtect
CreateFileW
CloseHandle
GetTickCount64
RaiseException
VirtualAlloc
VirtualFree
VirtualQuery
MoveFileExA
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetTempPathA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetSystemWindowsDirectoryA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
EnterCriticalSection
CreateFileA
Sleep
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
FreeLibrary
GetProcAddress
GetLastError
SetLastError
FormatMessageW
SetConsoleCtrlHandler
GetSystemDirectoryW
LoadLibraryW
CompareStringA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
FoldStringW
GetVersionExW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DeviceIoControl
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
DecodePointer
LeaveCriticalSection
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlCaptureStackBackTrace
GetStringTypeW
LCMapStringW
GetLocaleInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
HeapFree
GetStdHandle
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
ReadConsoleW
HeapAlloc
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateDirectoryW
GetConsoleCP
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetFileAttributesExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
OutputDebugStringW
CreateTimerQueue
SetEvent
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection

user32

CharUpperA
CharLowerA
OemToCharBuffA
OemToCharA
CharLowerW
CharUpperW

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

Exports

Exports

avCleanFileA
avCleanFileW
avCleanInit
avCleanTerm
avControl
avDiagnose
avDuplicateHandle
avFree
avFreeHandle
avGetConfig
avGetDeltaFileInfo
avGetEngineVersion
avGetSigDate
avGetSigFileInfo
avGetSigVersion
avGlobalGet
avGlobalSet
avGraywareCategoryListFree
avGraywareCategoryListGet
avHeuristicScan
avInitHandle
avIsIgnoreBuffer
avIsMaliciousBuffer
avPackerNameListFree
avPackerNameListGet
avParamAddParam
avParamAddPtr
avParamAddUInt32
avParamAddUInt64
avParamCount
avParamCreate
avParamDestroy
avParamGetParam
avParamGetPtr
avParamGetUInt32
avRegisterCallBack
avRegisterTlvCallback
avScanAttach
avScanCleanup
avScanDestroy
avScanDetach
avScanLoad
avScanSetup
avSetCallBackParam
avSetConfig
avSigPatch
avSigPatchSetOptions
avTlvDecode
avTlvEncode
avValidateSigFile
avVirusListFree
avVirusListGet
freeScanFileResults
getAvSoVersion
scanCleanup
scanInit
scanSetOffline
scanvirFile
scanvirFileBuffer
scanvirFileEx
scanvirUrl

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c645e4d45ca218736490fc7e338154d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imagehlp

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 278KB - Virtual size: 342KB

.cdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 114KB - Virtual size: 113KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 278KB - Virtual size: 342KB

.cdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 114KB - Virtual size: 113KB