metasploit | 322b347e2bb230b75a3256a7321e52b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

322b347e2bb230b75a3256a7321e52b1_JaffaCakes118
Size

1.5MB
MD5

322b347e2bb230b75a3256a7321e52b1
SHA1

42a9df1b1bbd17ab92f3484f28b848229adf8e44
SHA256

a0dc6c712b34149f6bf0f2a03c6e167388831906a1b42fa48d85db6293d5b900
SHA512

60d3d7ce58ceb032727c114ee65de67e4b79b2f32f7ff1c9a0da7b9e7f789dbfb537c75709ec8eb3a36cb3fadf32f742c89891095e851d6cbcdd3af09cbd00ee
SSDEEP

12288:NkWYP1bNouPVihzFApOqwE5j6+07+L8XRbymL+97K4TrZD9uvM/:NcbNouoYpO5E5j6J7+LEbymL+NNrRE

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
322b347e2bb230b75a3256a7321e52b1_JaffaCakes118

Files

322b347e2bb230b75a3256a7321e52b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5690bdb077612ea4fb98c2029780c4d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
GetUserNameA
RegCreateKeyExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken
EnumServicesStatusA

gdi32

GetBitmapBits
BitBlt
GetObjectA
SelectObject
DeleteObject
GetDeviceCaps
CreateCompatibleDC
CreateDCA
CreateCompatibleBitmap
DeleteDC

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
signal
fputs
strtoul
gmtime
_except_handler3
getenv
fgets
_setmode
localtime
memchr
tolower
abort
bsearch
realloc
memmove
qsort
time
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
fflush
printf
sprintf
_errno
strerror
perror
__mb_cur_max
_isctype
_pctype
calloc
_iob
fprintf
sscanf
strrchr
memcmp
fwrite
fseek
ftell
fread
fputc
wcscat
fopen
fclose
_ftol
rand
srand
_snprintf
free
malloc
strncat
exit
strncmp
atof
memcpy
strchr
_vsnprintf
strcat
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??2@YAPAXI@Z
strtok
strcmp
strstr
strncpy
??3@YAXPAX@Z
memset
system
_stat
_fileno
_memccpy
_strdup
_stricmp
__CxxFrameHandler
_EH_prolog
_purecall
atoi
strlen
strcpy
_getch

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ

kernel32

DeleteFileA
GetSystemDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
GetStartupInfoA
FlushConsoleInputBuffer
QueryPerformanceCounter
FindFirstFileA
FindNextFileA
FindClose
TlsGetValue
SetLastError
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
SetThreadPriority
GetProcessAffinityMask
TlsSetValue
FreeLibrary
WaitForMultipleObjects
CreateEventA
GetCurrentThreadId
DuplicateHandle
InterlockedIncrement
GetThreadPriority
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
SetEvent
WaitForSingleObject
ResetEvent
InterlockedDecrement
TerminateThread
TransactNamedPipe
DeleteCriticalSection
InitializeCriticalSection
CreateThread
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThread
GetCurrentProcess
OpenProcess
TerminateProcess
FindResourceA
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
GetLocalTime
GetLastError
GetTempPathA
WriteFile
LoadLibraryA
GetProcAddress
CopyFileA
GetWindowsDirectoryA
CreateFileA
GetFileTime
SetFileTime
GetModuleHandleA
GetModuleFileNameA
CloseHandle
Sleep
FreeConsole
AllocConsole
GetStdHandle
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
GetTickCount

user32

wsprintfA
ExitWindowsEx

shell32

ShellExecuteA

ws2_32

select
WSAGetLastError
accept
__WSAFDIsSet
recv
getpeername
ioctlsocket
htonl
ntohl
recvfrom
sendto
bind
WSASocketA
getservbyname
shutdown
WSASetLastError
connect
getsockname
inet_addr
gethostbyaddr
listen
gethostname
ntohs
WSAStartup
gethostbyname
inet_ntoa
WSACleanup
send
closesocket
socket
setsockopt
htons

mpr

WNetAddConnection2A
WNetCancelConnection2W
WNetAddConnection2W

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

dnsapi

DnsQuery_A

iphlpapi

GetTcpTable

Sections

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

5690bdb077612ea4fb98c2029780c4d6

Headers

File Characteristics

Imports

advapi32

gdi32

msvcrt

msvcp60

kernel32

user32

shell32

ws2_32

mpr

psapi

dnsapi

iphlpapi

Sections

.data Size: 1.3MB - Virtual size: 1.3MB

.pdata Size: 232KB - Virtual size: 232KB

.ex_cod Size: 8KB - Virtual size: 8KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.pdata
Size: 232KB - Virtual size: 232KB

.ex_cod
Size: 8KB - Virtual size: 8KB