Behavioral task
behavioral1
Sample
0426e2d9d31e1ec5ba1fb430157e2ade_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0426e2d9d31e1ec5ba1fb430157e2ade_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
0426e2d9d31e1ec5ba1fb430157e2ade_JaffaCakes118
-
Size
445KB
-
MD5
0426e2d9d31e1ec5ba1fb430157e2ade
-
SHA1
0e0e81f266e139c746dd16da9bb43b7bc6df588c
-
SHA256
a2e8e1f839693bb60e1a9b50987c7d4f4136a8da865d84662649dba65deed7f0
-
SHA512
0a6021022bb84d2f8f0ea186ed7ce1b7d37ca2160fb1efed20a26aed3ee6a6f94b01c642d2cd2184cb2fbe4cf63d70237e917c20ca29110059e13704693bbef0
-
SSDEEP
12288:cNo6BDYKR1kU+gLcnKNalKv1V0pjnGPz:cNJkU+aqzAP0Nn
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0426e2d9d31e1ec5ba1fb430157e2ade_JaffaCakes118
Files
-
0426e2d9d31e1ec5ba1fb430157e2ade_JaffaCakes118.exe windows:4 windows x86 arch:x86
877004e2b592fd3f6015d3f11562b649
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSASocketA
getsockopt
ntohs
inet_ntoa
connect
WSACleanup
setsockopt
ioctlsocket
bind
listen
accept
closesocket
htons
gethostbyname
WSAStartup
recv
socket
send
__WSAFDIsSet
inet_addr
select
getsockname
kernel32
FreeLibrary
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
ExitProcess
CloseHandle
CreateProcessA
GetModuleFileNameA
GetSystemDirectoryA
Sleep
LoadLibraryA
GetLastError
GetProcAddress
GetModuleHandleA
CreateThread
DeleteFileA
OpenProcess
GetCurrentProcessId
CopyFileA
SetFileAttributesA
GetFileAttributesA
WaitForSingleObject
CreateMutexA
GetTickCount
MoveFileA
GetTempPathA
TerminateThread
GetComputerNameA
GetLocaleInfoA
GetVersionExA
ExitThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
ReadFile
WriteFile
TransactNamedPipe
CreateFileA
WideCharToMultiByte
TerminateProcess
DuplicateHandle
GetCurrentProcess
CreatePipe
GetTimeFormatA
GetDateFormatA
GetFileSize
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
SetFilePointer
SetConsoleCtrlHandler
WaitForMultipleObjects
GenerateConsoleCtrlEvent
GetLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
HeapFree
HeapAlloc
GetProcessHeap
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
GetExitCodeProcess
PeekNamedPipe
GetLogicalDrives
GlobalMemoryStatus
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetTimeZoneInformation
GetSystemTime
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
OutputDebugStringA
InitializeCriticalSection
FatalAppExitA
HeapReAlloc
VirtualFree
VirtualAlloc
GetEnvironmentVariableA
HeapDestroy
HeapCreate
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
RaiseException
Sections
.text Size: 303KB - Virtual size: 302KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 102KB - Virtual size: 742KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ