isrstealer | 515b976da111a57b3de218b7bd2596eb_JaffaCakes118 | Triage

Sharing

General

Target

515b976da111a57b3de218b7bd2596eb_JaffaCakes118
Size

748KB
MD5

515b976da111a57b3de218b7bd2596eb
SHA1

cdc57fe795c0748cf87975d86bb3ce71cee79a5c
SHA256

df646cf0f164cbc36961b373cf14f9870c1194f4a5455187cbf57aa0561d68ba
SHA512

d9e70d87bb8958630ed083d3fd2eb36afc9e43a62cc49a2aef5db5f471b4f3c28b8395a1fb9558dbbd3e5a06c50e23bae1f5251fb9447c97d3f69c8f210dec85
SSDEEP

12288:Yxc1UdFeCXuLKcCVsz6Y8KzfwXVhs3e8ETkB3j:YDPeCXuLKdsOY8KDSVhT8gkJ

Score

10^/10

isrstealer

Malware Config

Signatures

ISR Stealer payload 1 IoCs

resource	yara_rule
sample	family_isrstealer

Isrstealer family
isrstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
515b976da111a57b3de218b7bd2596eb_JaffaCakes118

Files

515b976da111a57b3de218b7bd2596eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bfcacb1a2b08582eb5f1bf04e9b757a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord588
MethCallEngine
ord516
ord517
ord519
ord666
ord593
ord594
ord595
ord598
ord599
ord631
ord632
ord526
EVENT_SINK_AddRef
ord528
ord529
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord607
ord608
ord717
ProcCallEngine
ord537
ord645
ord570
ord685
ord100
ord616
ord617
ord619

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 536KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ