isrstealer | 22654f6edca4fa7ae849c29ec3955220_JaffaCakes118 | Triage

Sharing

General

Target

22654f6edca4fa7ae849c29ec3955220_JaffaCakes118
Size

363KB
MD5

22654f6edca4fa7ae849c29ec3955220
SHA1

1b661602e8b66b6bb5d5a0ee93218ca441ab8b7d
SHA256

f2f6bbf28ec87f8dc44ab1fb91572f801d87c595c8a4aea4eac910c5403a7b33
SHA512

036272db6818fbf28769ef8c1f4f2c888e54ec6cb98feb29eb85d19d452fd9a0abdff9b2a88b4ca0477a9148197e9a452c38a7ac9ca7dda97ce9455e1ac635d3
SSDEEP

6144:HP0370mcFmY8bP2U623amIBL2PyCByJK/GTO8Xkr8NcXVcpvadgi3R8bDj71pT/u:FThU33aJBaP7aKr8XkoN0VLdSLTTC

Score

10^/10

isrstealer

Malware Config

Signatures

ISR Stealer payload 1 IoCs

resource	yara_rule
static1/unpack001/magic dreams 2.2.exe	family_isrstealer

Isrstealer family
isrstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/magic dreams 2.2.exe

Files

22654f6edca4fa7ae849c29ec3955220_JaffaCakes118
.zip
magic dreams 2.2.exe
.exe windows:4 windows x86 arch:x86

a434bea991b22222faefb0838dbec3e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord517
ord518
ord519
ord661
ord666
ord667
ord592
ord598
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord716
ord717
ProcCallEngine
ord537
ord644
ord538
ord645
ord648
ord570
ord571
ord572
ord681
ord100
ord579
ord616
ord617
ord618
ord619
ord650
ord581

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ