metasploit | 2ec9f6eca4b2723d0dc85f5949d52f4c_JaffaCakes118

General

Target

2ec9f6eca4b2723d0dc85f5949d52f4c_JaffaCakes118
Size

252KB
MD5

2ec9f6eca4b2723d0dc85f5949d52f4c
SHA1

9c104a1882567f61048019d62b93e7f28a32a24a
SHA256

38577445ee182526ac5ff8bd8b0017c8ce88f364e31e68cb7ad2c45638f82d39
SHA512

8ebb74af58460b5819eb4252392bfdce53e20b0e96ef5e450d088fcb01ccbe288e44a3b6d4210344223d838ede8a4da3fc35c681c7417d12a4ea94fee7848679
SSDEEP

6144:FybVhuFlsgTOGQGbm5hLlpg4gQUZ615df:EuFlsSOGQGbfo

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ec9f6eca4b2723d0dc85f5949d52f4c_JaffaCakes118

Files

2ec9f6eca4b2723d0dc85f5949d52f4c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e774b7989942fd043b03a63d8ecbd85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetLastError
CloseHandle
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualAlloc
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
SetFilePointer
CreateFileA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

5e774b7989942fd043b03a63d8ecbd85

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 92KB - Virtual size: 96KB

.idata Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 92KB - Virtual size: 96KB

.idata
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB