metasploit | 0c1167b1e4852a2d66f5d69c3841f993_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c1167b1e4852a2d66f5d69c3841f993_JaffaCakes118
Size

28KB
MD5

0c1167b1e4852a2d66f5d69c3841f993
SHA1

5515a2d0abb88061c3f1c230bf24c10d1afcb5ad
SHA256

985e70f347183acd06fd8a15c7ae4958e420303dae16d9c18aad2b922b4d2324
SHA512

2fffa678fd6edf100109af72338dd7e3183acb86f2b52c1c9ea9031bfc53e4d715d2768c88af15fd3718be90e317f3b16114b5e7814ed84519bd14ec24553932
SSDEEP

384:QJcP4Z3EMj8J9Kq1dfpy+DfFPLTcREDf:dAxEU8J9JlHZTkcf

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c1167b1e4852a2d66f5d69c3841f993_JaffaCakes118

Files

0c1167b1e4852a2d66f5d69c3841f993_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1248ac64510058f5155efa538c1b5d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord609
ord800
ord2514
ord2621
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord2982
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord860
ord540
ord567
ord2370
ord2302
ord4160
ord2863
ord6334
ord2642
ord2379
ord755
ord470
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3798
ord4673
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_setmbcp
_stricmp
sprintf
__CxxFrameHandler
__dllonexit
_onexit
_controlfp
_exit
_XcptFilter
exit
_acmdln

kernel32

GetCommandLineA
GetVersionExA
GetStartupInfoA
GetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetSystemInfo
FreeLibrary
GetLastError
GetModuleHandleA
CreateFileA
CloseHandle

user32

EnableWindow
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
MessageBoxA
GetClientRect

advapi32

ControlService
DeleteService
OpenSCManagerA
CreateServiceA
StartServiceA
CloseServiceHandle
OpenServiceA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

e1248ac64510058f5155efa538c1b5d5

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 988B

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 988B

.rsrc
Size: 8KB - Virtual size: 4KB