metasploit | 74a51d5038ef9126cd1f5494b0618cbe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74a51d5038ef9126cd1f5494b0618cbe_JaffaCakes118
Size

68KB
MD5

74a51d5038ef9126cd1f5494b0618cbe
SHA1

fd4c7b189fb8c58302eb6d49d2c3113034c96525
SHA256

fce5ca248bcdb6c9ba31a3bb3fb5a641bef190a1627d7c0f05af1c47ade3a321
SHA512

134baf6487907e540f415b0a8f5799a371c8a89bed52fe1a296158d3869530786a17f79a428245ab462296b0690ce29aed48d0a94b3335e1d4fb9aa950bc90aa
SSDEEP

1536:wXX6+xrBF9BYeaMelT8MUwxXW41uR7E24lozOlAh:wHpDSF8M1V2R7Exlo00

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74a51d5038ef9126cd1f5494b0618cbe_JaffaCakes118

Files

74a51d5038ef9126cd1f5494b0618cbe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2dc40c6a78037ae999aca40eedfe53e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetTempPathA
ResetEvent
WaitForSingleObject
OutputDebugStringA
SetSystemTime
GetSystemTime
WinExec
GetFileSize
FreeLibrary
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
CreateFileW
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
Module32First
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
CreateDirectoryA
CreateThread
SetEvent
Sleep
CreateEventA
OutputDebugStringW
lstrcpyW
OpenEventA
GetCommandLineA
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TransactNamedPipe
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetStartupInfoA
ExitProcess
DeleteFileA
ReadFile
SetFilePointer
lstrlenA
GetSystemDirectoryA
lstrcatA
lstrcpynA
lstrcpyA
CreateFileA
DeviceIoControl
CloseHandle
CopyFileA
SetFileAttributesA
WriteFile
FlushFileBuffers
GetModuleFileNameA
GetTickCount

mpr

WNetAddConnection2A
WNetCancelConnection2A

ws2_32

select
listen
accept
WSAGetLastError
recv
closesocket
send
htons
inet_addr
WSAStartup
gethostname
gethostbyname
inet_ntoa
bind
connect
socket
__WSAFDIsSet

iphlpapi

SendARP

rpcrt4

UuidFromStringA
UuidToStringA

user32

wsprintfA
wvsprintfA
IsCharAlphaNumericA
ShowWindow
FindWindowA
SendMessageA

advapi32

CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
ChangeServiceConfigA
StartServiceA
DeleteService
ChangeServiceConfig2A
CreateServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
QueryServiceStatus

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

2dc40c6a78037ae999aca40eedfe53e7

Headers

File Characteristics

Imports

kernel32

mpr

ws2_32

iphlpapi

rpcrt4

user32

advapi32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 36KB - Virtual size: 66KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 36KB - Virtual size: 66KB