metasploit | 09acd1b8019a5775266a0d0b431d3f38_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09acd1b8019a5775266a0d0b431d3f38_JaffaCakes118
Size

92KB
MD5

09acd1b8019a5775266a0d0b431d3f38
SHA1

f9bc4e1cdd723221d97480bb9f2c4b9f468e80e6
SHA256

940d3e4f7c113f7b07d4746c28c8c69b4cd0e60ebb13cc4b0043b2b61cadf80a
SHA512

a474a1abdc4d43209e0135e66be6b138e09d30ef618f342457f2ce91834aed9634a5e79cb4970b36266de0c3f9ddd3a34a1c1790378e81404ccdcee7f0d14348
SSDEEP

1536:ksJpo57jKj0vlFoT/o/2JCos0pwWkGWxATSmuLpLtdce3aa0oIRaHc6n:XwMGoTQ/2JC0pQAe7ce3axow+Tn

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.1.5:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09acd1b8019a5775266a0d0b431d3f38_JaffaCakes118

Files

09acd1b8019a5775266a0d0b431d3f38_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d1c393fa6d32059b12042942bba53193

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA

kernel32

CreateFileA
GetLastError
lstrcpynA
lstrcmpA
lstrcpyA
Sleep
GetCurrentDirectoryA
GetCurrentThreadId
SetEvent
WaitForSingleObject
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
GetSystemTime
SetFilePointer
lstrcmpiA
ReadFile
WriteFile
SetThreadPriority
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
TerminateThread
DeleteFileA
FindClose
FindNextFileA
GetDateFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
GetLocalTime
SetCurrentDirectoryA
ReleaseMutex
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
SetLastError
GetDriveTypeA
LoadLibraryA
GetProcAddress
GetFileSize
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
InterlockedIncrement
GetFullPathNameA
InterlockedDecrement
ExitThread
TlsSetValue
CreateThread
ResumeThread
HeapFree
GetTimeZoneInformation
HeapAlloc
HeapReAlloc
lstrlenA
CloseHandle

user32

wsprintfA
GetDlgItemTextA
MessageBoxA
PostMessageA
GetDlgItemInt
GetParent
SetDlgItemInt
SetDlgItemTextA
DefWindowProcA
SetTimer
KillTimer
SendMessageA
SetWindowPos
SystemParametersInfoA
GetWindowRect
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowLongA
wvsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDlgItem
MessageBeep
GetDialogBaseUnits
SetWindowTextA
GetDC
ReleaseDC
GetClassInfoA
RegisterClassA
CreateWindowExA
DialogBoxParamA
GetClientRect
GetTopWindow
MapDialogRect
MoveWindow
FindWindowA
UnregisterClassA
GetWindow
DestroyIcon
LoadIconA
SetClassLongA
GetSystemMenu
AppendMenuA
CheckMenuItem
WinHelpA
SetWindowLongA
GetSystemMetrics
GetCursorPos
TrackPopupMenu
SetForegroundWindow
CreateDialogParamA
EnableWindow
SendDlgItemMessageA
EndDialog
DestroyWindow
GetWindowTextA
ShowWindow
InvalidateRect

gdi32

GetTextExtentPoint32A
LPtoDP

shell32

SHBrowseForFolderA
Shell_NotifyIconA
SHGetPathFromIDListA

wsock32

WSACleanup
WSAStartup
WSAAsyncGetHostByName
WSAIsBlocking
WSACancelBlockingCall
connect
send
ntohs
recv
WSAAsyncSelect
getservbyname
WSAGetLastError
WSASetLastError
select
closesocket
recvfrom
sendto
socket
setsockopt
bind
htons
htonl
ntohl
gethostname
gethostbyname
inet_addr
ioctlsocket

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

d1c393fa6d32059b12042942bba53193

Headers

File Characteristics

Imports

advapi32

kernel32

user32

gdi32

shell32

wsock32

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 6KB