Behavioral task
behavioral1
Sample
0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
0541f52181897f5716033fee5b2eaf34_JaffaCakes118
-
Size
58KB
-
MD5
0541f52181897f5716033fee5b2eaf34
-
SHA1
b9e420ddb43e5e43cb92e9e299311988ff4dbc97
-
SHA256
ad53990eca9fddf949020ae7a53e2549dc35a57a449a828eac33c0d563e16c38
-
SHA512
0fc8a095c4e42e5d7769a7401d620270d13dca82980bec3eafc4e9dd49abcbb5597f74c9158f46b59a5c0c63718bc847d09f6133a63de8267554c99e731f81d9
-
SSDEEP
768:oY0JV7zP9lGsSRAwxmkveRJrOvMBo2e4u1a9MeIaDh+Ef8YlgTgLEl2lojubvCnT:ozv7zCs4XgrH/iazvGT2l
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0541f52181897f5716033fee5b2eaf34_JaffaCakes118
Files
-
0541f52181897f5716033fee5b2eaf34_JaffaCakes118.exe windows:4 windows x86 arch:x86
334d07207823db69cc151625de1b461f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
gethostbyaddr
recv
inet_ntoa
connect
socket
sendto
select
recvfrom
WSAStartup
inet_addr
gethostname
gethostbyname
ioctlsocket
shutdown
closesocket
htons
setsockopt
bind
listen
advapi32
GetUserNameA
mpr
WNetAddConnection2A
shell32
ShellExecuteExA
SHChangeNotify
iphlpapi
GetAdaptersInfo
msvcrt
time
_stricmp
memcmp
sscanf
fread
fopen
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_controlfp
_vsnprintf
strlen
malloc
memset
memcpy
free
strcat
strncpy
rand
sprintf
atoi
srand
strchr
strrchr
strcpy
strcmp
strstr
_snprintf
ceil
strncat
_strcmpi
_ftol
_except_handler3
strcspn
??2@YAPAXI@Z
__set_app_type
strtok
fseek
kernel32
GetStartupInfoA
GetLogicalDriveStringsA
GetDriveTypeA
lstrcatA
CreateDirectoryA
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TransactNamedPipe
ReadFile
CreateEventA
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
SetThreadPriority
SetProcessPriorityBoost
CopyFileA
InitializeCriticalSectionAndSpinCount
OpenProcess
GetCurrentThread
GetCurrentProcess
GetWindowsDirectoryA
GetFileTime
SetFileTime
GetFileAttributesA
TerminateThread
LocalAlloc
LocalFree
GetProcAddress
LoadLibraryA
GetLocaleInfoA
CreateMutexA
SetFileAttributesA
DeleteFileA
ReleaseMutex
ExpandEnvironmentStringsA
CreateFileA
ExitThread
WriteFile
CloseHandle
CreateProcessA
WaitForSingleObject
lstrcmpiA
CreateThread
Sleep
GetLastError
GetTempPathA
GetTickCount
GetModuleHandleA
GetModuleFileNameA
ExitProcess
GetVersionExA
TerminateProcess
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 360KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE