metasploit | 2ff70da6f2e513d6c97211a40d1fafdc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ff70da6f2e513d6c97211a40d1fafdc_JaffaCakes118
Size

456KB
MD5

2ff70da6f2e513d6c97211a40d1fafdc
SHA1

4690afc8b12ce2a86b6d901f1e51c3ce97649184
SHA256

7a329c80f8b8d3a5e9f04c96378a4a2cce62ad654a8abe3f843b25b83b0d10d5
SHA512

d85d734274c0ff8a229a582ff652be256e25be8e4f7dd777dfe7e6e87420ba18e6104386bf847a096ebf989c4f709efead4e5cb97f27bca132345fe2e08164b1
SSDEEP

6144:H4xTV3UX7nt1LvhUr9lrp0XnVSCBm4pF9zEGyX:H4txmnt1LhUr9lCXnVX3pPj

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ff70da6f2e513d6c97211a40d1fafdc_JaffaCakes118

Files

2ff70da6f2e513d6c97211a40d1fafdc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4f8843ed12b2fdd0963d2ce355a58dad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

kernel32

CreateProcessA
GetLastError
GetTempPathA
CreateThread
ExitProcess
SetPriorityClass
GetLocaleInfoA
MoveFileExA
GetCurrentProcess
GetCurrentThread
SetProcessPriorityBoost
GetDriveTypeA
GetFileAttributesA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExA
OpenMutexA
CreateMutexA
ReleaseMutex
WinExec
GetWindowsDirectoryA
CopyFileA
SetFileAttributesA
GetCurrentProcessId
DeleteFileA
lstrlenA
FreeLibrary
CreateRemoteThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
TerminateProcess
lstrcmpiA
CreateDirectoryA
GetLogicalDriveStringsA
SetLastError
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
Sleep
LeaveCriticalSection
ExitThread
EnterCriticalSection
OpenEventA
WaitForMultipleObjects
DeleteCriticalSection
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
WriteFile
GetTickCount
CreateFileA
VirtualQuery
CloseHandle
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
Process32First
GetComputerNameA
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSection
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetSystemTimeAsFileTime
CreateEventA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LocalFree
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeA

user32

VkKeyScanW
SendInput
FindWindowA
VkKeyScanA
GetMenuItemID
PostMessageA
IsWindowVisible
SetForegroundWindow
SetFocus
RealGetWindowClassA
keybd_event
FindWindowExA
SendMessageA
GetWindowTextA
BlockInput
GetForegroundWindow
DestroyWindow
GetMessageA
RegisterClassExA
PostQuitMessage
TranslateMessage
CreateWindowExA
DefWindowProcA
ShowWindow
DispatchMessageA
UpdateWindow
RegisterDeviceNotificationA
IsCharAlphaA
IsCharAlphaNumericA
SwitchToThisWindow
GetWindowThreadProcessId
IsWindow
MapVirtualKeyA

advapi32

AllocateAndInitializeSid
RegOpenKeyExA
IsTextUnicode
RegCloseKey
RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
GetUserNameA
RegQueryValueExA

shell32

ShellExecuteExA
ShellExecuteA
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString

ws2_32

getaddrinfo
recv
select
ioctlsocket
gethostname
inet_ntoa
ntohl
inet_addr
htonl
htons
gethostbyname
connect
WSAStartup
send
WSAGetLastError
WSACleanup
socket
freeaddrinfo
closesocket

ntdll

ZwSystemDebugControl
NtQuerySystemInformation

shlwapi

SHDeleteKeyA

mpr

WNetCancelConnectionA
WNetUseConnectionA
WNetCancelConnection2A
WNetGetLastErrorA

rpcrt4

RpcMgmtStatsVectorFree
RpcStringBindingComposeA
RpcBindingFree
RpcBindingFromStringBindingA
RpcStringFreeA
RpcMgmtIsServerListening
RpcMgmtSetComTimeout
NdrClientCall2
RpcMgmtInqStats

comctl32

ord17

Sections

Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

4f8843ed12b2fdd0963d2ce355a58dad

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

ntdll

shlwapi

mpr

rpcrt4

comctl32

Sections

Size: 292KB - Virtual size: 292KB

Size: 64KB - Virtual size: 64KB

Size: 32KB - Virtual size: 32KB

Size: 56KB - Virtual size: 56KB

.avc Size: 8KB - Virtual size: 8KB

.avc
Size: 8KB - Virtual size: 8KB