pandastealer | JaffaCakes118_a119a9f657c3bca53e97a8a5bad38230

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_a119a9f657c3bca53e97a8a5bad38230
Size

686KB
MD5

a119a9f657c3bca53e97a8a5bad38230
SHA1

2713c69905f49e3969d6b2d7992d08a132ba75b8
SHA256

058792133276504f7e506c0f4271b640b56472f1b564d4162db7b018c7038d2f
SHA512

1c6e2ec36243a4d6383baf241e811fc80c24dff22fdd64cb53ac39341b48e0cad6ad9637252938e796d51f4304c688e0580dbab052f399aca1a11ef5cdc18713
SSDEEP

12288:FHoZr1rQ/ERfli18M5nsOf5THHTvzTTddwNWkrKkKJm0VSAu/MGu/Cn:WZrpQIflLMhf5THHfTE2kKJm0V

Score

10^/10

pandastealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
sample	family_pandastealer

Pandastealer family
pandastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a119a9f657c3bca53e97a8a5bad38230

Files

JaffaCakes118_a119a9f657c3bca53e97a8a5bad38230
.exe windows:5 windows x86 arch:x86

bc569e8764c8b5cc2882bdb366334771

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
CreateDirectoryA
CopyFileA
FindClose
GetModuleFileNameA
FindNextFileW
WaitForSingleObject
OpenProcess
Sleep
TerminateProcess
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
TlsGetValue
SetEndOfFile
FreeLibrary
UnlockFile
LockFile
GetSystemTimeAsFileTime
WriteFile
TlsSetValue
LoadLibraryW
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetFileAttributesA
GetLastError
GetProcAddress
LockFileEx
LoadLibraryA
GetVersionExA
TlsAlloc
CloseHandle
DeleteFileW
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
DosDateTimeToFileTime
SetFileTime
GetFileTime
LocalFileTimeToFileTime
FindResourceA
LoadResource
SizeofResource
LockResource
GetModuleHandleA
GetDriveTypeW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WideCharToMultiByte
FindFirstFileW
GetTempPathW
GetFullPathNameW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MoveFileA
HeapFree
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
HeapReAlloc
GetModuleHandleW
ExitProcess
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
HeapCreate
GetConsoleCP
GetConsoleMode
HeapSize
TlsFree
SetLastError
GetCurrentThreadId
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetLocaleInfoW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
CompareStringW

user32

GetClassNameA
SendMessageA
EnumWindows
GetWindowThreadProcessId
MessageBoxA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

shlwapi

PathMatchSpecA

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc569e8764c8b5cc2882bdb366334771

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 338KB - Virtual size: 337KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 247KB - Virtual size: 246KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 338KB - Virtual size: 337KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 247KB - Virtual size: 246KB

.reloc
Size: 16KB - Virtual size: 16KB