metasploit | 14aa4505080eb5b39135019e082ef5a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14aa4505080eb5b39135019e082ef5a6_JaffaCakes118
Size

110KB
MD5

14aa4505080eb5b39135019e082ef5a6
SHA1

f6f40c4841d37937bc801a0e724802cc0d4fd754
SHA256

2967929dfe8d847dea9a4a1a65dba06d336691fd2990294b6da434825489852c
SHA512

9efc0ec5664c6da4e7cead1bd5dfc7ad7a0ca2bf0fcf3348131bcc85f67795b62ccc6079445034839877d11f22424041b548e3eedad3c90d13950bdba20af8c0
SSDEEP

1536:d8kp5OnbsmqxpOxy4bu30/8bCOhmetzSP0vcf5XsVoJi3nEl/qWU4YoMVq3:u6InbqLH4buEkbEyjS5tKEl/xUbob3

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14aa4505080eb5b39135019e082ef5a6_JaffaCakes118

Files

14aa4505080eb5b39135019e082ef5a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8100cc81487363d6c06c74439e7b291c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetFileSize
GetComputerNameA
GetVersionExA
GetDiskFreeSpaceExA
GlobalMemoryStatus
CreateRemoteThread
GetProcAddress
OpenProcess
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
TerminateProcess
CreateProcessA
FreeLibrary
TerminateThread
ReadFile
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadProcessMemory
GetWindowsDirectoryA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
LocalFree
CreateFileA
CloseHandle
DeleteFileA
GetCurrentProcessId
CreateMutexA
GetLastError
SetErrorMode
GetSystemTime
ExitProcess
CopyFileA
GetLocaleInfoA
GetCurrentProcess
SetProcessWorkingSetSize
GetTickCount
Sleep
GetShortPathNameA
GetEnvironmentVariableA
GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
SetFileAttributesA
LoadLibraryA

user32

GetClipboardData
CloseClipboard
SetWindowsHookExA
GetMessageA
OpenClipboard
UnhookWindowsHookEx
CallNextHookEx
SetKeyboardState
DispatchMessageA
GetActiveWindow
GetWindowTextA
GetKeyNameTextA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx

advapi32

RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
RegEnumValueA
RegCreateKeyExA

msvcrt

_onexit
__dllonexit
fopen
fclose
fread
free
sscanf
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
sprintf
??1type_info@@UAE@XZ
strstr
strncat
_snprintf
strncpy
_vsnprintf
toupper
islower
rand
srand
atol
system
atoi
strtok
__CxxFrameHandler

netapi32

NetShareDel

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetGetConnectedStateEx

ws2_32

gethostname
gethostbyaddr
inet_addr
getsockname
ntohs
WSAIoctl
bind
WSASocketA
accept
listen
getpeername
inet_ntoa
select
ioctlsocket
htonl
setsockopt
WSAStartup
WSACleanup
gethostbyname
socket
connect
shutdown
closesocket
recv
WSACloseEvent
send
__WSAFDIsSet
htons

ntdll

ZwSystemDebugControl
NtQuerySystemInformation

oleaut32

GetErrorInfo

Sections

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

8100cc81487363d6c06c74439e7b291c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

shell32

wininet

ws2_32

ntdll

oleaut32

Sections

.data Size: 96KB - Virtual size: 96KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 12KB - Virtual size: 11KB

.data
Size: 96KB - Virtual size: 96KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 12KB - Virtual size: 11KB