Behavioral task: behavioral1
  Sample: e4bb3cc73320332e049f7834cf0ddecb_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e4bb3cc73320332e049f7834cf0ddecb_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: e4bb3cc73320332e049f7834cf0ddecb_JaffaCakes118
Size: 982KB
MD5: e4bb3cc73320332e049f7834cf0ddecb
SHA1: 07c5292d5cf379721469c3138240137d385e891b
SHA256: 5e8d154f85675b724f27313bce1dd439d851d206af6c7c1e50c8ab1baac5659e
SHA512: 0912d2d47a5f3f3ab44d1be5e037d7ef30a45b6c043f98ffdfe0c36da3b178ee3add05365669c731433052f421b138c0c8190bf423043ff914361a535f70d425
SSDEEP: 24576:hMgiW1oT+7MvxhhRIj8HKvcUx/ab8OKzeS6tPTanHwSeIV7Hzn:hMuUNFo8HKvD91KBTwQSeIV7Hzn
Malware Config
Signatures
Unicorn Stealer payload (1 IoCs)
  resource: yara_rule, sample: unicorn (Unicornstealer family)
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: e4bb3cc73320332e049f7834cf0ddecb_JaffaCakes118
Files
e4bb3cc73320332e049f7834cf0ddecb_JaffaCakes118.exe (windows:6, windows x86, arch:x86)
  6bde00e68a5f37bfe6327aead44279c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ExpandEnvironmentStringsW
TerminateProcess
LeaveCriticalSection
SetFilePointer
GetTempPathW
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
GetFileSize
lstrcpynA
CopyFileW
GetTempFileNameW
QueryPerformanceCounter
LocalAlloc
DeleteFileW
InitializeCriticalSection
SetEndOfFile
SetFilePointerEx
lstrcpyA
CreateThread
WaitForSingleObject
LoadLibraryW
K32GetModuleFileNameExW
GlobalLock
GlobalUnlock
GetLastError
GetVolumeInformationA
GetModuleHandleA
GetUserDefaultLCID
lstrcatW
GetProcAddress
Module32FirstW
ReadProcessMemory
Module32NextW
VirtualFree
WriteFileEx
lstrcatA
DisconnectNamedPipe
CreateEventW
GetTempPathA
SetEvent
WaitForSingleObjectEx
ReadFileEx
GetOverlappedResult
lstrcmpiA
ConnectNamedPipe
ExpandEnvironmentStringsA
CreateFileA
DeleteFileA
ExitThread
TerminateThread
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
ExitProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileW
GetSystemDirectoryW
CreateProcessW
GetTimeZoneInformation
GetFullPathNameW
GetFileAttributesExW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCommandLineW
GetCommandLineA
WriteFile
EnterCriticalSection
ReadFile
lstrlenA
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
GlobalFree
GlobalAlloc
FindClose
VirtualAlloc
lstrlenW
FindNextFileW
CreateNamedPipeA
FindFirstFileW
DeleteCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
HeapAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryExW
CompareStringW
LCMapStringW
GetStdHandle
GetFileType
GetStartupInfoW
SetLastError
GetCurrentThreadId
HeapReAlloc
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
ReadConsoleW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
WriteConsoleW
EncodePointer
DecodePointer
RaiseException
HeapSize
GetCurrentProcessId
InitializeSListHead
GetLocalTime
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetEnvironmentVariableA
LoadLibraryA
WaitForMultipleObjects
CreateEventA
GetTickCount
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
FormatMessageA
RtlUnwind
VirtualQuery
user32
SetTimer
TranslateMessage
wsprintfW
wsprintfA
DispatchMessageW
GetMessageW
ToUnicode
GetClipboardData
GetForegroundWindow
GetWindowTextA
CloseClipboard
OpenClipboard
SetWindowsHookExW
CallNextHookEx
GetKeyState
secur32
GetUserNameExW
InitSecurityInterfaceA
msvcrt
vsprintf_s
_vscprintf
vprintf
strstr
memcpy
memset
memmove
memcmp
memchr
shlwapi
StrStrIW
PathFileExistsW
StrStrIA
advapi32
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptExportKey
bcrypt
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptDuplicateHash
BCryptImportKeyPair
BCryptImportKey
BCryptEncrypt
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptCreateHash
ws2_32
WSAWaitForMultipleEvents
inet_ntoa
inet_addr
htons
recv
connect
socket
send
WSAStartup
gethostbyname
closesocket
WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
gethostname
WSAResetEvent
WSASetEvent
WSAEventSelect
WSAGetLastError
bind
getpeername
getsockname
getsockopt
ntohs
setsockopt
WSASetLastError
WSAIoctl
__WSAFDIsSet
select
ioctlsocket
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
CryptDecodeObject
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
Sections
.text Size: 507KB - Virtual size: 507KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 365KB - Virtual size: 369KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ