metasploit | 072c561df9c25221b30d72fe47e810a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

072c561df9c25221b30d72fe47e810a9_JaffaCakes118
Size

2.8MB
MD5

072c561df9c25221b30d72fe47e810a9
SHA1

264be8bbea9d419fb13586fc43dde91dd1b4e620
SHA256

cffda452b6b11052ef85283ed8888c5a92eda096114d4e79837a4e710545a1ce
SHA512

b808ecd09d99fb67a621beaf9febefd7bb6fa5e83d1d5bb5be2f9f36bdde42967649c48edb3e0a8e8e03745497b12cf8124b564b8bc818db48be0f32f8ad523c
SSDEEP

24576:hpDo0VgOW0oktexGG7pGYCW5uXSA7jTeFadRsxpb/g/J/ulZ:rC0oVLC8A7/eFwE3l

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

70.48.40.64:6444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072c561df9c25221b30d72fe47e810a9_JaffaCakes118

Files

072c561df9c25221b30d72fe47e810a9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

0c397c719a61462a8c21ea75c51fea2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

explorer.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyW
RegGetValueW
RegOpenKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
EventWrite
EventEnabled
GetLengthSid
GetTokenInformation
OpenProcessToken
EventUnregister
EventRegister
GetUserNameW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
TraceMessage
RegOpenKeyW
RegEnumKeyW
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
ConvertSidToStringSidW
StartServiceW
CreateWellKnownSid

kernel32

GetSystemTime
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
FlushInstructionCache
RaiseException
GetSystemWindowsDirectoryW
SetLastError
ReadFile
GetFileSize
CreateFileW
InterlockedCompareExchange
LoadLibraryA
SystemTimeToFileTime
ExpandEnvironmentStringsW
GlobalGetAtomNameW
MultiByteToWideChar
GetEnvironmentVariableW
GetCurrentProcessId
GetModuleHandleW
lstrlenW
OpenEventW
SetEvent
GetBinaryTypeW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
CompareFileTime
GlobalFree
GetTickCount
MulDiv
GetUserDefaultLangID
GetPrivateProfileIntW
GetCurrentThread
GetThreadPriority
GetCurrentThreadId
SetThreadPriority
CompareStringOrdinal
lstrcmpiW
HeapSetInformation
SetErrorMode
CreateMutexW
ReleaseMutex
GetTimeZoneInformation
SetFilePointer
SetProcessShutdownParameters
GetSystemDirectoryW
CreateEventW
SetTermsrvAppInstallMode
RegisterApplicationRestart
ExitProcess
GetModuleFileNameW
GetPrivateProfileStringW
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetProcessHeap
HeapAlloc
QueryPerformanceFrequency
GetFileAttributesExW
QueueUserWorkItem
GetLongPathNameW
GetProcessTimes
TerminateThread
GetProcessId
CreateIoCompletionPort
GetQueuedCompletionStatus
GetWindowsDirectoryW
FormatMessageW
QueryFullProcessImageNameW
GlobalAlloc
DuplicateHandle
GetCurrentDirectoryW
WideCharToMultiByte
WriteFile
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
FindResourceExW
LoadResource
LockResource
GetUserDefaultUILanguage
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
CreateThread
AssignProcessToJobObject
ResumeThread
Sleep
QueryInformationJobObject
LocalAlloc
LocalFree
CloseHandle
OpenProcess
SetPriorityClass
GetPriorityClass
CreateJobObjectW
SetInformationJobObject
GetLastError
InterlockedDecrement
InterlockedIncrement
HeapFree
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedExchange
VirtualAlloc
VirtualFree
DelayLoadFailureHook

gdi32

GetStockObject
CombineRgn
GetLayout
CreatePatternBrush
OffsetViewportOrgEx
GdiAlphaBlend
GetTextExtentPoint32W
ExtTextOutW
SetWindowOrgEx
GetPixel
PatBlt
CreateRectRgn
GetClipRgn
IntersectClipRect
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
GetBkColor
CreateCompatibleBitmap
OffsetWindowOrgEx
SetBkColor
GetTextExtentPointW
GetClipBox
CreateDIBSection
CreateRectRgnIndirect
SetTextColor
SetBkMode
GetTextMetricsW
CreateFontIndirectW
CreateSolidBrush
GetObjectW
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps

user32

GetDlgItem
LoadCursorW
RegisterClassW
IsChild
SetTimer
MonitorFromRect
SetWindowTextW
SetClassLongW
GetClassInfoW
GetClassLongW
KillTimer
GetClassInfoExW
IsWindowEnabled
GetShellWindow
GetIconInfo
SetScrollInfo
GetLastActivePopup
GetSystemMenu
IsIconic
IsZoomed
EnableMenuItem
IsWindowVisible
IsWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowInfo
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetFocus
SetForegroundWindow
LoadMenuW
SetMenuInfo
SetMenuDefaultItem
GetSubMenu
TrackPopupMenuEx
LoadImageW
InsertMenuItemW
DestroyIcon
DeleteMenu
GetMenuItemInfoW
SetMenuItemInfoW
CharUpperBuffW
PostQuitMessage
LoadStringW
ShutdownBlockReasonCreate
GetWindowLongA
SetWindowLongW
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterWindowMessageW
SetWindowPos
RegisterClassExW
GetDesktopWindow
UpdateWindow
InvalidateRect
BeginPaint
LoadBitmapW
SetLayeredWindowAttributes
EndPaint
ShowWindow
DefWindowProcW
MoveWindow
DestroyWindow
UnregisterClassW
SetProcessDPIAware
PeekMessageW
CreateWindowExW
DialogBoxParamW
MsgWaitForMultipleObjects
GetKeyboardLayout
ActivateKeyboardLayout
IsProcessDPIAware
PrintWindow
GetDCEx
GetPropW
GetNextDlgGroupItem
GetNextDlgTabItem
GetDlgCtrlID
ChildWindowFromPointEx
GetCapture
GetGUIThreadInfo
SetWindowLongA
CharUpperW
GetWindowDC
RegisterClipboardFormatW
UnhookWinEvent
SetWinEventHook
ReleaseCapture
GetUserObjectInformationW
GetProcessWindowStation
FlashWindowEx
GetForegroundWindow
PostMessageW
CreatePopupMenu
GetWindowThreadProcessId
EqualRect
MsgWaitForMultipleObjectsEx
CharPrevW
CharNextW
DispatchMessageW
TranslateMessage
UnionRect
MapWindowPoints
GetClientRect
EnumWindows
EndTask
SetThreadDesktop
GetThreadDesktop
TrackPopupMenu
GetMenuItemID
IsHungAppWindow
DrawTextW
GetSysColor
SendMessageCallbackW
GetParent
DeregisterShellHookWindow
EndDialog
IsDlgButtonChecked
LoadIconW
GetSysColorBrush
CloseDesktop
OpenInputDesktop
SetActiveWindow
IsRectEmpty
GetAsyncKeyState
RegisterShellHookWindow
FillRect
GetCursorPos
SetPropW
CopyRect
LockSetForegroundWindow
MonitorFromPoint
InflateRect
GetClassNameW
SubtractRect
RedrawWindow
EnumDisplayMonitors
OffsetRect
IntersectRect
GetMenuState
GhostWindowFromHungWindow
HungWindowFromGhostWindow
SetWindowRgn
GetWindowPlacement
RemovePropW
SendMessageTimeoutW
UnregisterHotKey
InsertMenuW
ModifyMenuW
ClientToScreen
ScreenToClient
GetMenuItemCount
GetFocus
GetScrollInfo
InternalGetWindowText
GetKeyState
RegisterHotKey
GetWindowLongW
EnumChildWindows
SendMessageW
GetWindow
GetWindowRect
PtInRect
ChangeDisplaySettingsW
SetCursor
ChildWindowFromPoint
SetCursorPos
GetMessagePos
LoadAcceleratorsW
WaitMessage
TranslateAcceleratorW
GetWindowRgnBox
GetActiveWindow
MessageBeep
SetWindowPlacement
SetRect
SendNotifyMessageW
UpdateLayeredWindow
GetLastInputInfo
AllowSetForegroundWindow
RemoveMenu
CallWindowProcW
SetParent
EnableWindow
GetDlgItemInt
SetDlgItemInt
CheckDlgButton
CopyIcon
DrawFocusRect
NotifyWinEvent
ExitWindowsEx
DrawEdge
WindowFromPoint
GetDoubleClickTime
SetCapture
TrackMouseEvent
LockWorkStation
AppendMenuW
CheckMenuItem
SetScrollPos
SetRectEmpty
AdjustWindowRectEx
BringWindowToTop
CascadeWindows
GetMessageW
GetSystemMetrics
SystemParametersInfoW
FindWindowW
ReleaseDC
TileWindows
GetAncestor
SwitchToThisWindow
SendDlgItemMessageW
GetMenuDefaultItem
DestroyMenu
GetDC
ShowWindowAsync

msvcrt

memset
_unlock
_except_handler4_common
_ftol2_sse
memcpy
free
memmove
realloc
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_vsnwprintf
malloc
__wgetmainargs
_cexit
_exit
__set_app_type
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

ntdll

NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
RtlGetProductInfo
NtClose
NtQueryInformationProcess
NtSetSystemInformation
WinSqmAddToStream
NtSetInformationProcess

shlwapi

PathGetDriveNumberW
ord197
ord292
PathRemoveFileSpecW
ord157
ord478
SHRegGetUSValueW
ord433
StrDupW
PathQuoteSpacesW
ord467
ord479
ord163
ord193
StrChrIW
ord388
ord548
ord256
SHRegOpenUSKeyW
SHRegQueryUSValueW
StrCmpW
AssocQueryStringW
ord199
ord204
ord165
ord630
ord629
AssocQueryKeyW
PathParseIconLocationW
PathIsPrefixW
ord509
PathRemoveExtensionW
SHOpenRegStream2W
PathFileExistsW
ord348
ord631
ord184
ord212
StrRetToBufW
PathFindExtensionW
ord460
ord213
ord192
ord413
ord279
ord16
ord278
ord240
SHDeleteKeyW
PathAppendW
SHDeleteValueW
ord174
ord635
ord618
PathRemoveArgsW
PathRemoveBlanksW
StrCmpNIW
PathFindFileNameW
ord437
SHSetValueW
SHGetValueW
SHCreateThreadRef
SHSetThreadRef
ord158
ord270
PathCombineW
SHRegGetValueW
StrToIntW
ord8
ord9
ord10
PathGetArgsW
StrChrW
ord176
ord175
ord172
ord164
SHStrDupW
ord219
SHQueryInfoKeyW
ord171
ord484
ord178
ord236
ord439
ord2
ord217
ord24
ord476
StrRetToStrW
ord154
ord215
StrStrIW
ord177
ord194
ord156
PathMatchSpecW
PathIsRootW
PathIsNetworkPathW
SHQueryValueExW
AssocCreate
StrCmpIW
ord513
ord512
ord571
StrCmpNW
ord237
ord628
ord487
StrPBrkW
ord639
ord168
PathStripToRootW
ord225
PathIsDirectoryW
ord632

shell32

ord193
ord790
ord787
ord732
ord24
ord719
ord134
ord22
SHGetDesktopFolder
ord261
SHBindToFolderIDListParent
ord152
ord196
ord28
SHGetIDListFromObject
ord265
ord814
ord815
ord747
ord821
ord820
ord839
ord836
ord849
SHCreateShellItemArrayFromIDLists
ord826
ord830
ord818
SHCreateItemFromIDList
SHCreateShellItemArrayFromShellItem
ord154
ord6
SHBindToFolderIDListParentEx
SHChangeNotify
SHAddToRecentDocs
DuplicateIcon
ord244
ord733
ord54
ShellExecuteW
ord91
ord254
SHGetPathFromIDListA
SHUpdateRecycleBinIcon
SHGetKnownFolderIDList
SHGetFolderPathEx
SHFileOperationW
ord731
ord711
ord102
ord60
ord21
ord90
SHGetPathFromIDListW
ord64
ord61
ord753
ord16
ord19
ord2
ord644
ord645
ord137
ExtractIconExW
ord727
ord4
ord181
ord162
SHGetSpecialFolderLocation
ord17
ord23
SHBindToParent
Shell_NotifyIconW
SHGetFolderPathAndSubDirW
Shell_GetCachedImageIndexW
ord67
ord132
SHEvaluateSystemCommandTemplate
ord241
ord236
ord149
ord188
ord660
ord680
ord852
ord201
ord89
ord68
ord200
SHBindToObject
ord25
ShellExecuteExW
ord245
ord723
SHGetSpecialFolderPathW
ord176
SHParseDisplayName
ord155
ord190
SHGetFolderLocation
ord18
ord100
ord85
SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoGetClassObject
OleInitialize
OleUninitialize
CoGetObject
StringFromGUID2
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoRegisterMessageFilter
CoGetInterfaceAndReleaseStream
CoFreeUnusedLibraries
CoTaskMemAlloc
PropVariantClear
DoDragDrop
CoInitializeEx
CreateBindCtx
CoMarshalInterThreadInterfaceInStream

oleaut32

VariantInit
VariantClear
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString

shdocvw

ord110
ord111

uxtheme

GetThemeRect
IsThemePartDefined
GetThemeBackgroundRegion
DrawThemeTextEx
GetThemeFont
GetThemeColor
GetThemeBool
IsCompositionActive
IsAppThemed
GetThemeInt
SetWindowTheme
DrawThemeText
GetThemeTextExtent
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
GetThemePartSize
GetThemeMetric
GetThemeBackgroundContentRect
GetThemeMargins

powrprof

GetPwrCapabilities

dwmapi

DwmQueryThumbnailSourceSize
DwmEnableBlurBehindWindow
ord105
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmGetColorizationColor
DwmUpdateThumbnailProperties
DwmRegisterThumbnail
DwmUnregisterThumbnail

gdiplus

GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetCompositingMode
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStreamICM

slc

SLGetWindowsInformationDWORD

rpcrt4

RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
NdrClientCall2
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW

propsys

PSGetPropertyKeyFromName
PSPropertyKeyFromString
PropVariantToStringAlloc
PSGetNameFromPropertyKey
VariantToBooleanWithDefault
VariantToInt32WithDefault
VariantToStringWithDefault
VariantToStringAlloc
PSGetPropertyDescription

browseui

ord118
ord135

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

0c397c719a61462a8c21ea75c51fea2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

shlwapi

shell32

ole32

oleaut32

shdocvw

uxtheme

powrprof

dwmapi

gdiplus

slc

rpcrt4

propsys

browseui

Sections

.text Size: 429KB - Virtual size: 429KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 429KB - Virtual size: 429KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 22KB - Virtual size: 22KB