metasploit | fbbcf16b6abe3a62aaf37766fb55125d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbbcf16b6abe3a62aaf37766fb55125d_JaffaCakes118
Size

96KB
MD5

fbbcf16b6abe3a62aaf37766fb55125d
SHA1

f4ae923ea08bca29270982f0757e497d9c566c9b
SHA256

4b6c23640e616dcc75de1b1817cbb2a89a5b26e83ec9fdc095af67849cf7ff19
SHA512

fbb03ddaa5adf6e409e5ed6d909819b9e0e9ca1d2b23cf0d585f1052827442a40a071ecd3e1f50ef3ed2d2bbae473ce2b688ad8b1186a1af7f57a08eca6863ad
SSDEEP

1536:f+kENVp8UpXSmrWDDAolXWsofKNMgAiye5lzj5P3yWdrpr4dfztDmNN8D:mR0QWDllpNMgAhert/3drpr4dfxDmNN8

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbbcf16b6abe3a62aaf37766fb55125d_JaffaCakes118

Files

fbbcf16b6abe3a62aaf37766fb55125d_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

5b1aa01e0aeb99ea4d19e2dc977166d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_stricmp
_vsnprintf
_stat
exit
fseek
ftell
fwrite
free
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
strncmp
sscanf
strtoul
fopen
fread
fclose
_snprintf
atoi
strtok
srand
rand
__CxxFrameHandler
strchr
strstr
sprintf

kernel32

Sleep
lstrcpyA
lstrcmpA
lstrlenA
CloseHandle
ReadFile
CreateFileA
FindClose
SetCurrentDirectoryA
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
GetModuleFileNameA
WaitForSingleObject
CreateThread
UnmapViewOfFile
GlobalAlloc
MapViewOfFile
CreateFileMappingA
GetFileSize
GlobalFree
SetFilePointer
WriteFile
GetTickCount
GlobalUnlock
GlobalLock
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrcpynA
GetLocaleInfoA
GetVersionExA
ExitProcess
CreateProcessA
GetSystemDirectoryA
WinExec
GetDriveTypeA
GetEnvironmentVariableA
lstrcatA
SetFileAttributesA
MoveFileExA
GetShortPathNameA
SetFileTime
GetFileTime
SearchPathA
GetWindowsDirectoryA
Process32Next
TerminateProcess
Process32First
CreateToolhelp32Snapshot
OpenProcess
TerminateThread
GetLastError
lstrcmpiA
ExitThread
LocalFree
LocalAlloc
GetCurrentProcessId
CreateMutexA
CopyFileA

user32

ShowWindow
VkKeyScanA
SetFocus
SetForegroundWindow
BringWindowToTop
GetWindowTextA
EnumWindows
wsprintfA
CharLowerA
GetClassNameA
EmptyClipboard
CloseClipboard
SetClipboardData
PostMessageA
SetWindowPos
MessageBoxA
FindWindowA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
OpenClipboard
keybd_event

ws2_32

socket
send
recv
inet_addr
htons
connect
closesocket
gethostbyname
WSACleanup
WSAStartup
select
getpeername
getsockname
WSASocketA
WSAConnect
gethostname
ntohs
inet_ntoa
__WSAFDIsSet
setsockopt
bind
listen
accept
ioctlsocket

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
DeleteService
OpenServiceA
OpenSCManagerA
CloseServiceHandle
EnumServicesStatusA
SetServiceStatus
RegisterServiceCtrlHandlerA
ImpersonateLoggedOnUser
OpenProcessToken
CreateServiceA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
QueryServiceLockStatusA
LockServiceDatabase
StartServiceCtrlDispatcherA

shell32

ShellExecuteA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

wininet

InternetCloseHandle
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetOpenUrlA
InternetReadFile

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z

odbc32

ord24
ord41
ord31
ord75
ord11

crypt32

CryptUnprotectData

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

5b1aa01e0aeb99ea4d19e2dc977166d4

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

advapi32

shell32

psapi

wininet

msvcp60

odbc32

crypt32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 24KB - Virtual size: 23KB