metasploit | 40ce8c2cb3863292b3dcbf8e822a2db7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40ce8c2cb3863292b3dcbf8e822a2db7_JaffaCakes118
Size

381KB
MD5

40ce8c2cb3863292b3dcbf8e822a2db7
SHA1

8fcc09cd5f37f103e08b986db7d8c732eb9f69a7
SHA256

2dda87e5d305be49e3c771c438eedd093bbe13bc8609beb600e3ca3e9e4c363d
SHA512

7cc0371c853e96e7fc542e94c771125d222dc7b4f638dd1715c9fbce03a81447883aec219b3590779f2f12531d3726fb8bef64d2ea205f25d859bb3e45d78c05
SSDEEP

6144:W6w2lny36fEH4l93wx4J/ZRkfjd4tFs2s3tm+6xSFgOQkfqf9bp:Z8qfEH47qeZRC4tFqc+6xIg9kC9bp

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.91.143:4444

Signatures

Metasploit family
metasploit

Files

40ce8c2cb3863292b3dcbf8e822a2db7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b5b9a3c9f35a81554e2618a8297dca2e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

66:50:ca:f1:be:a0:b3:70:04:97:cf:af:bc:37:df:05:99:42:0b:46
Signer

Actual PE Digest

66:50:ca:f1:be:a0:b3:70:04:97:cf:af:bc:37:df:05:99:42:0b:46

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\Psinfo\Exe\Release\Psinfo.pdb

Imports

pdh

PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

inet_ntoa
WSAStartup
gethostbyname
gethostname

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetTickCount
CloseHandle
CreateFileW
FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExW
GetConsoleScreenBufferInfo
LockResource
SizeofResource
LoadResource
FindResourceW
DeleteFileW
GetSystemDirectoryW
GetComputerNameW
WaitForSingleObject
MultiByteToWideChar
Sleep
GetVersion
GetModuleFileNameW
SetEvent
ConnectNamedPipe
ReadFile
GetDateFormatW
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetLastError
GetLastError
GetProcAddress
GetCommandLineW
LocalAlloc
LocalFree
LoadLibraryW
SetErrorMode
GetModuleHandleW
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceExW
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetCurrentProcess
InterlockedExchange
SetConsoleCtrlHandler
FlushFileBuffers
CreateFileA
RtlUnwind
GetConsoleCP
WideCharToMultiByte
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA

user32

GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextW
LoadCursorW
SetCursor
InflateRect
SendMessageW
DialogBoxIndirectParamW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

ImpersonateLoggedOnUser
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LogonUserW
RegConnectRegistryW
RevertToSelf
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CreateServiceW
CloseServiceHandle
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

b5b9a3c9f35a81554e2618a8297dca2e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

66:50:ca:f1:be:a0:b3:70:04:97:cf:af:bc:37:df:05:99:42:0b:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pdh

version

netapi32

ws2_32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 5KB - Virtual size: 42KB

.rsrc Size: 162KB - Virtual size: 161KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

66:50:ca:f1:be:a0:b3:70:04:97:cf:af:bc:37:df:05:99:42:0b:46
Signer

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 5KB - Virtual size: 42KB

.rsrc
Size: 162KB - Virtual size: 161KB