metasploit | b65acbd3aa3973f2ee2042e9b1df39ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b65acbd3aa3973f2ee2042e9b1df39ca_JaffaCakes118
Size

31KB
MD5

b65acbd3aa3973f2ee2042e9b1df39ca
SHA1

d6988f9921920c26fbb43e9e0175f6f90e2fd50e
SHA256

15a57c29b67783aea43208a07c87e64d1096e9bfcb2ea41350442659e2cf548b
SHA512

3bbbc397c5c410d9d885a9f3402c42c789cd0c757bda8137174f04e409508d6527b5bf306249b92ed063c156a878f87cd8b9e4d2b7bfa88245064072aa178642
SSDEEP

384:AWfw7c9+8rODGY2fndKuMOc3JMdisYpENyQL25ExToh:AP7cZlY2fnd2mXYpvnaS

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.200.33:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b65acbd3aa3973f2ee2042e9b1df39ca_JaffaCakes118

Files

b65acbd3aa3973f2ee2042e9b1df39ca_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c0f4333dc4ce59b796dbdd41da333d6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\810220350359.kzi\documents\visual studio 2012\Projects\ConsoleApplication2\Debug\ConsoleApplication2.pdb

Imports

kernel32

VirtualAlloc
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
lstrlenA
LoadLibraryExW
GetProcAddress
GetLastError
RaiseException
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent

msvcr110d

_unlock
_calloc_dbg
__dllonexit
_onexit
_invoke_watson
_lock
_except_handler4_common
wcscpy_s
_wmakepath_s
_wsplitpath_s
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
_CrtSetCheckCount
_CrtDbgReportW
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_CRT_RTC_INITW
memcpy
printf
_controlfp_s

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

c0f4333dc4ce59b796dbdd41da333d6c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr110d

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB