metasploit | 5ef96d8b0652249b6397eab8f9a1a2fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ef96d8b0652249b6397eab8f9a1a2fc_JaffaCakes118
Size

210KB
MD5

5ef96d8b0652249b6397eab8f9a1a2fc
SHA1

6e37c8d5b8f971dab366f035763ba8752f376ae8
SHA256

41aa3e7970dc3d9255b8018747367cef430a33c830a9bbee68de54b3a490ebe7
SHA512

60eaf39e039964d7c455af04695a5413769fa46f333588787b9eda7cdcee99e1d2adcea0a018a8d6eb5be7c309dffac56e1d8a9fe0e57f51b7ad20e96be80029
SSDEEP

3072:vUXZb9xCWdFv207jxBgoqhErntNDHpaZR47tCsKD4QhM/2AyXlX:8XF9xCWdFu07jxBgoqhERNIZRtsGhr9

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.1.2:1985

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ef96d8b0652249b6397eab8f9a1a2fc_JaffaCakes118

Files

5ef96d8b0652249b6397eab8f9a1a2fc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1744867817464bf7dd34561e44925565

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_controlfp
_initterm
__getmainargs
_acmdln
exit
_cexit
__setusermatherr
_XcptFilter
_exit
_c_exit
wcscpy
_wcsicmp
free
_ftol
malloc

advapi32

RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
CheckTokenMembership

kernel32

lstrlenW
GetSystemWindowsDirectoryW
LocalFree
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
GetProcAddress
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
CreateMutexW
SetLastError
GetCommandLineW
GetWindowsDirectoryW
lstrcmpW
ExitProcess
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
lstrcatW
GetNumberFormatW
lstrcpyW
LoadLibraryA

gdi32

CreateFontIndirectW
CreatePenIndirect
SetTextColor
BitBlt
SetBkColor
CreateSolidBrush
CreateCompatibleDC
SetMapMode
TextOutW
GetTextMetricsW
SetBkMode
RealizePalette
SelectPalette
GetObjectW
StretchBlt
CreateBitmap
DeleteDC
CreateRoundRectRgn
SelectObject
Polyline
DeleteObject

user32

FindWindowW
MapVirtualKeyW
GetAsyncKeyState
GetMenu
SetTimer
SendMessageW
GetDlgItem
EndDialog
LoadStringW
EnableWindow
MessageBoxW
DialogBoxParamW
IsWindow
GetKeyboardLayout
GetWindowThreadProcessId
wsprintfW
CheckDlgButton
GetClientRect
DestroyWindow
InvalidateRect
WinHelpW
GetKeyboardType
SetClassLongW
RegisterClassW
GetClassInfoW
LoadCursorW
CreateWindowExW
GetSystemMetrics
SetWindowPos
SetWindowLongW
GetKeyState
wsprintfA
DrawIconEx
LoadImageW
SetWindowRgn
ToUnicodeEx
LoadIconW
GetWindowLongW
GetSysColor
ReleaseDC
GetDC
MapVirtualKeyExW
CloseDesktop
GetUserObjectInformationW
OpenDesktopW
OpenInputDesktop
PostMessageW
SetThreadDesktop
GetThreadDesktop
EndPaint
BeginPaint
DefWindowProcW
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
CloseWindowStation
MoveWindow
GetDesktopWindow
GetWindowRect
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
ShowWindow
IsIconic
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
RegisterWindowMessageW
KillTimer
EnableMenuItem
CheckMenuRadioItem
CheckMenuItem
ReleaseCapture
SetCapture
SetCursor
ChildWindowFromPointEx
ScreenToClient
GetCursorPos
PostQuitMessage
SendInput
ActivateKeyboardLayout

msswch

ord8
ord13
ord12
ord11
ord9
ord1
ord14
ord10

comdlg32

ChooseFontW

winmm

PlaySoundW

shell32

ord258
ShellExecuteW

comctl32

ord17

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

1744867817464bf7dd34561e44925565

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

msswch

comdlg32

winmm

shell32

comctl32

ole32

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 90KB - Virtual size: 89KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 90KB - Virtual size: 89KB