pandastealer | JaffaCakes118_2e2ffd5febbeb52b73373b5824deaedb

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_2e2ffd5febbeb52b73373b5824deaedb
Size

1.7MB
MD5

2e2ffd5febbeb52b73373b5824deaedb
SHA1

5cd1009133592a28c7079265fa4f7c958c7c8bc6
SHA256

a7097b05f074d81e5c8f482a34bdf9debcf6ae53e82f46d659d12baaed1f538c
SHA512

25ce59254c104c7cf73d5975dc99c20bbe4d0f0800001c8f78f730eb35dbcc16655c8c84963dfd8bdc12428cc8672f5d7493225ea68d275b0fcf2c0aa025097e
SSDEEP

49152:CjfUh+rrJylndvWRIRsazN815tjB59KZW:0HJyLvbC9t

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2e2ffd5febbeb52b73373b5824deaedb

Files

JaffaCakes118_2e2ffd5febbeb52b73373b5824deaedb
.exe windows:4 windows x86 arch:x86

61c5d0f873f720dd1c7be1d3202eac71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\Piriform\CCleaner\trunk\src\CCleaner\Release\CCleaner.pdb

Imports

kernel32

GetCurrentThreadId
InterlockedExchange
CloseHandle
ResetEvent
SetEvent
SizeofResource
LockResource
GetCurrentProcess
LoadResource
FlushInstructionCache
WaitForMultipleObjects
GetLastError
SetLastError
EnterCriticalSection
RaiseException
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapCreate
RtlUnwind
CreateThread
ExitThread
GetLogicalDrives
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
LocalAlloc
LockFile
UnlockFile
SetEndOfFile
CreateFileA
GetFullPathNameA
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetCurrentProcessId
LockFileEx
GetFileAttributesA
FormatMessageA
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
MoveFileExW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetModuleHandleA
CompareStringA
SetErrorMode
SystemTimeToTzSpecificLocalTime
VirtualProtect
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
GetFileSize
ReadFile
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoA
GetModuleFileNameA
LoadLibraryA
WaitForSingleObject
ResumeThread
FindClose
GetExitCodeThread
LocalFree
OpenProcess
GetCurrentThread
GetUserDefaultLangID
GetVersionExA
GlobalMemoryStatus
GetSystemInfo
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
FreeLibrary
InterlockedIncrement
InterlockedDecrement
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
FlushFileBuffers
WriteFile

advapi32

GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameW
CopySid
GetLengthSid
LookupAccountSidW
FreeSid
EqualSid
OpenThreadToken
AllocateAndInitializeSid
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegNotifyChangeKeyValue
RegCloseKey
GetTokenInformation

user32

EmptyClipboard
CloseClipboard
WaitForInputIdle
GetWindowThreadProcessId
ExitWindowsEx
GetMenuItemID
GetWindowPlacement
GetSystemMetrics
SystemParametersInfoA
ShowWindow
OpenIcon
EndPaint
SetForegroundWindow
UnregisterClassA
OpenClipboard
GetParent
RedrawWindow
DestroyWindow
GetNextDlgTabItem
SetScrollInfo
GetDesktopWindow
GetWindowDC
GetActiveWindow
ScrollWindowEx
GetMessagePos
IsWindowVisible
GetWindowRect
GetScrollPos
GetIconInfo
DestroyCursor
FrameRect
MessageBoxA
WindowFromPoint
IsIconic
IsZoomed
DispatchMessageA
CopyRect
LockWindowUpdate
GetMessageA
MsgWaitForMultipleObjects
PostQuitMessage
SetMenuDefaultItem
AdjustWindowRectEx
IsWindowEnabled
GetMenu
SetRect
DrawEdge
DrawFocusRect
GetComboBoxInfo
EndDialog
DestroyIcon
ClientToScreen
GetKeyState
IsWindow
OffsetRect
SetCapture
InflateRect
MoveWindow
GetCapture
SetCursor
SetFocus
GetSysColorBrush
KillTimer
SetRectEmpty
BringWindowToTop
SetTimer
GetFocus
PtInRect
SetCursorPos
GetCursorPos
ReleaseCapture
TranslateMessage
UpdateWindow
InvalidateRect
ReleaseDC
GetSysColor
GetDC
SetScrollPos
GetScrollInfo
GetDlgCtrlID
EnumWindows
ScreenToClient
TrackPopupMenu
FillRect
GetDlgItem
GetClientRect
CreatePopupMenu
MapWindowPoints
DestroyMenu
GetWindow
SetWindowPos
BeginPaint

gdi32

LineTo
MoveToEx
GetClipRgn
Ellipse
CreatePen
BeginPath
GetStockObject
ExcludeClipRect
CombineRgn
SelectClipRgn
CreateRectRgnIndirect
RestoreDC
CreateRectRgn
SaveDC
CreatePatternBrush
CreateBitmap
GetDeviceCaps
SetTextColor
SetBkMode
EndPath
StrokeAndFillPath
GetClipBox
PatBlt
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
DeleteDC
GetDIBColorTable
SetViewportOrgEx
CreateSolidBrush
StretchBlt
DeleteObject

rpcrt4

UuidFromStringA

ole32

OleInitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
RevokeDragDrop
RegisterDragDrop
DoDragDrop
CoInitialize
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoSetProxyBlanket
CLSIDFromString
CoTaskMemFree

oleaut32

VarUI4FromStr
SysFreeString
VarBstrFromR8
VariantInit
VariantClear
VariantChangeType
VariantTimeToSystemTime
SysAllocStringLen
SysAllocString

shlwapi

PathRemoveBackslashW
PathMatchSpecW
PathCombineW
PathRemoveFileSpecA
PathAppendW
PathIsDirectoryW
StrRetToStrW
PathStripPathA
PathFileExistsW
PathRemoveFileSpecW
PathCompactPathW

comctl32

ImageList_Draw
ImageList_Destroy
ImageList_LoadImageW
ImageList_Create
ImageList_GetImageCount
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Remove
_TrackMouseEvent

Sections

.text
Size: 973KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 157KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61c5d0f873f720dd1c7be1d3202eac71

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

rpcrt4

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 973KB - Virtual size: 972KB

.rdata Size: 264KB - Virtual size: 263KB

.data Size: 157KB - Virtual size: 167KB

.rsrc Size: 260KB - Virtual size: 259KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 973KB - Virtual size: 972KB

.rdata
Size: 264KB - Virtual size: 263KB

.data
Size: 157KB - Virtual size: 167KB

.rsrc
Size: 260KB - Virtual size: 259KB

.rrdata
Size: 72KB - Virtual size: 72KB