metasploit | 1005b1ba0ad9455e373de922902d3458_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1005b1ba0ad9455e373de922902d3458_JaffaCakes118
Size

133KB
MD5

1005b1ba0ad9455e373de922902d3458
SHA1

9f327da43d4a001006784f221396c590f932bfdd
SHA256

910d64e2c48e7561e39afed0584cbfae150dc58fad6fa2e8969c9ff4ffae85b0
SHA512

45af0bb12ceeae7f732e8bc199b65df1332869952506569b5b262c362cc03c31663737f7b41e5ac27cbdd23fb41774f8111d60317916012a579546052dd00190
SSDEEP

3072:HfemQYJOl/TgYziLtKw4aGCbaWXod4JGw1VJIds:LxJOl/TglswPFa54Jb4

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1005b1ba0ad9455e373de922902d3458_JaffaCakes118

Files

1005b1ba0ad9455e373de922902d3458_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e72cdac18256cbee31b924bd6d95826

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryA
GetTempPathA
GetComputerNameA
GetSystemDirectoryA
GetVersionExA
GetDiskFreeSpaceExA
GlobalMemoryStatus
CreateRemoteThread
OpenProcess
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualProtectEx
IsBadReadPtr
LoadLibraryExA
CopyFileA
SetFileTime
GetFileTime
SetFileAttributesA
GetProcAddress
TerminateProcess
CreateProcessA
ReadFile
GetExitCodeProcess
ExitThread
PeekNamedPipe
DuplicateHandle
CreatePipe
SearchPathA
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadProcessMemory
GetWindowsDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalUnlock
GlobalLock
LocalFree
ExpandEnvironmentStringsA
GetFileSize
GetModuleHandleA
WriteFile
CreateFileA
DeleteFileA
GetCurrentProcessId
SetProcessWorkingSetSize
CreateMutexA
GetLastError
SetErrorMode
TerminateThread
CloseHandle
ExitProcess
GetTickCount
GetLocaleInfoA
Sleep
GetCurrentProcess
GetModuleFileNameA

user32

IsWindow
SetFocus
SetForegroundWindow
BringWindowToTop
ShowWindow
VkKeyScanA
GetMessageA
GetClassNameA
SetKeyboardState
DispatchMessageA
keybd_event
EnumWindows
FindWindowA
GetWindowThreadProcessId
SendMessageA
SetWindowsHookExA
GetClipboardData
OpenClipboard
UnhookWindowsHookEx
CallNextHookEx
GetActiveWindow
GetWindowTextA
GetKeyNameTextA
GetKeyboardState
GetKeyboardLayout
wsprintfA
ToAsciiEx
CloseClipboard

advapi32

RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegEnumValueA
SetServiceStatus

msvcrt

??1type_info@@UAE@XZ
sscanf
free
??2@YAPAXI@Z
??3@YAXPAX@Z
fseek
strncmp
memcmp
sprintf
strcpy
_stricmp
malloc
fread
fopen
fwrite
fclose
_EH_prolog
__CxxFrameHandler
strtok
strcmp
strstr
atol
atoi
_CxxThrowException
fgets
fprintf
strlen
_snprintf
memset
strncpy
strncat
_vsnprintf
memcpy
toupper
islower
rand
srand
strcat

netapi32

NetShareDel

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

shell32

ShellExecuteA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetGetConnectedStateEx
InternetOpenA

ws2_32

gethostname
inet_ntoa
gethostbyaddr
getsockname
ntohs
WSAIoctl
bind
getpeername
__WSAFDIsSet
select
ioctlsocket
setsockopt
listen
inet_addr
accept
WSAStartup
htonl
WSACleanup
shutdown
WSASocketA
closesocket
gethostbyname
htons
socket
connect
recv
send
WSACloseEvent

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

urlmon

URLDownloadToFileA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

oleaut32

GetErrorInfo

Sections

.data
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0e72cdac18256cbee31b924bd6d95826

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

psapi

shell32

wininet

ws2_32

ntdll

urlmon

version

oleaut32

Sections

.data Size: 132KB - Virtual size: 131KB

.rsrc Size: 1024B - Virtual size: 1008B

.data
Size: 132KB - Virtual size: 131KB

.rsrc
Size: 1024B - Virtual size: 1008B