Behavioral task: behavioral1
Sample: 3433f21029295d8fbca370b196c88c05_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 3433f21029295d8fbca370b196c88c05_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
- Target: 3433f21029295d8fbca370b196c88c05_JaffaCakes118
- Size: 124KB
- MD5: 3433f21029295d8fbca370b196c88c05
- SHA1: c17567cd1affb864615b75317dc9ce3b3ddc7dc2
- SHA256: 55a16d1164545926815b0544c497ce97581a467142f0102e7684a08084c50c51
- SHA512: 0418d8e362cb2c88d6106fe19e1d2c56e7ccb60a9aab07804a6122af2b69c380f820af6d803912facb4dffb17aecbd21556317de43a66e55a5d7af78c01b5fc3
- SSDEEP: 3072:YvqTkAi8CR5E5a/fh4a1FKmoCeC+BSKlW:cGu8wE5an6aznZxNB
Malware Config
Extracted: metasploit (encoder/fnstenv_mov)

Signatures
- Metasploit family
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 3433f21029295d8fbca370b196c88c05_JaffaCakes118
Files
-
3433f21029295d8fbca370b196c88c05_JaffaCakes118.exe windows:4 windows x86 arch:x86
d0e75cf4a46a5b771088ebea9092c7be
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
  ntohs
  inet_ntoa
  ioctlsocket
  bind
  listen
  accept
  WSAGetLastError
  setsockopt
  sendto
  inet_addr
  socket
  htons
  connect
  closesocket
  htonl
  send
  select
  __WSAFDIsSet
  WSAStartup
  recv
  getsockname
  gethostbyaddr
  gethostbyname
wininet
  InternetOpenA
  InternetOpenUrlA
  InternetReadFile
  InternetCloseHandle
kernel32
  QueryPerformanceCounter
  GetStringTypeW
  GetStringTypeA
  IsBadCodePtr
  IsBadReadPtr
  VirtualQuery
  GetSystemInfo
  VirtualProtect
  MultiByteToWideChar
  HeapSize
  GetFileType
  SetHandleCount
  GetEnvironmentStringsW
  GetLastError
  WideCharToMultiByte
  FreeEnvironmentStringsW
  GetEnvironmentStrings
  FreeEnvironmentStringsA
  UnhandledExceptionFilter
  GetSystemDirectoryA
  SetErrorMode
  Sleep
  GetComputerNameA
  GetTickCount
  GetVersionExA
  GlobalMemoryStatus
  SetFileAttributesA
  CopyFileA
  GetModuleFileNameA
  GetModuleHandleA
  CloseHandle
  GetCurrentThreadId
  Process32First
  CreateToolhelp32Snapshot
  WriteFile
  CreateFileA
  GetTempPathA
  ExitThread
  ReadFile
  SetFilePointer
  GetFileSize
  CreateThread
  GetFileAttributesA
  FindClose
  FileTimeToSystemTime
  FileTimeToLocalFileTime
  FindNextFileA
  FindFirstFileA
  GetTimeFormatA
  GetDateFormatA
  UnmapViewOfFile
  MapViewOfFile
  CreateFileMappingA
  DeleteFileA
  GetProcAddress
  LoadLibraryA
  FlushFileBuffers
  OpenProcess
  TerminateThread
  GetStdHandle
  GetCPInfo
  GetOEMCP
  GetCurrentProcessId
  GetSystemTimeAsFileTime
  LCMapStringA
  LCMapStringW
  InterlockedExchange
  SetStdHandle
  GetLocaleInfoA
  Process32Next
  TerminateProcess
  GetACP
  SetUnhandledExceptionFilter
  HeapAlloc
  ExitProcess
  GetCurrentProcess
  HeapFree
  RtlUnwind
  RaiseException
  GetStartupInfoA
  GetCommandLineA
  HeapDestroy
  HeapCreate
  VirtualFree
  VirtualAlloc
  HeapReAlloc
  IsBadWritePtr
user32
  FindWindowA
  SendMessageA
advapi32
  SetServiceStatus
  DeleteService
  GetUserNameA
  StartServiceCtrlDispatcherA
  OpenSCManagerA
  OpenServiceA
  CreateServiceA
  StartServiceA
  RegisterServiceCtrlHandlerA
shell32
  ShellExecuteA
Sections
.text Size: 88KB - Virtual size: 84KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 117KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE