Behavioral task: behavioral1
Sample: 88db015601ebaa71c3c310bbf5b3879d_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 88db015601ebaa71c3c310bbf5b3879d_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
- Target: 88db015601ebaa71c3c310bbf5b3879d_JaffaCakes118
- Size: 116KB
- MD5: 88db015601ebaa71c3c310bbf5b3879d
- SHA1: 4721a89fba4bc842bccf2d93269d8656bd579d35
- SHA256: 5b959c91697c67700bbd4ccc1870eb986dd606085d8612c57dc73c4d14ac511b
- SHA512: 5dd364d64178b345e81a7774c84f6bbae5b9c50b6025970fc4910b8dd517617cf9621d77c915ad7447130c434a0a03aad851d513649b06bc852fd7563be2651a
- SSDEEP: 3072:hINzqefJO9/Z0b7fXhVWBVGFalEaqOfhoG3:aNOef0/m7fXhwBVX2MoG
Malware Config
Extracted: metasploit (encoder/fnstenv_mov)
Signatures
- Metasploit family
- Unsigned PE 1 IoCs
  Checks for missing Authenticode signature.
  resource 88db015601ebaa71c3c310bbf5b3879d_JaffaCakes118
Files
- 88db015601ebaa71c3c310bbf5b3879d_JaffaCakes118.exe windows:4 windows x86 arch:x86
  8100cc81487363d6c06c74439e7b291c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetFileSize
GetComputerNameA
GetVersionExA
GetDiskFreeSpaceExA
GlobalMemoryStatus
CreateRemoteThread
GetProcAddress
OpenProcess
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
TerminateProcess
CreateProcessA
FreeLibrary
TerminateThread
ReadFile
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadProcessMemory
GetWindowsDirectoryA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
LocalFree
CreateFileA
CloseHandle
DeleteFileA
GetCurrentProcessId
CreateMutexA
GetLastError
SetErrorMode
GetSystemTime
ExitProcess
CopyFileA
GetLocaleInfoA
GetCurrentProcess
SetProcessWorkingSetSize
GetTickCount
Sleep
GetShortPathNameA
GetEnvironmentVariableA
GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
SetFileAttributesA
LoadLibraryA
user32
GetClipboardData
CloseClipboard
SetWindowsHookExA
GetMessageA
OpenClipboard
UnhookWindowsHookEx
CallNextHookEx
SetKeyboardState
DispatchMessageA
GetActiveWindow
GetWindowTextA
GetKeyNameTextA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
advapi32
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
RegEnumValueA
RegCreateKeyExA
msvcrt
_onexit
__dllonexit
fopen
fclose
fread
free
sscanf
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
sprintf
??1type_info@@UAE@XZ
strstr
strncat
_snprintf
strncpy
_vsnprintf
toupper
islower
rand
srand
atol
system
atoi
strtok
__CxxFrameHandler
netapi32
NetShareDel
shell32
ShellExecuteA
wininet
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetGetConnectedStateEx
ws2_32
gethostname
gethostbyaddr
inet_addr
getsockname
ntohs
WSAIoctl
bind
WSASocketA
accept
listen
getpeername
inet_ntoa
select
ioctlsocket
htonl
setsockopt
WSAStartup
WSACleanup
gethostbyname
socket
connect
shutdown
closesocket
recv
WSACloseEvent
send
__WSAFDIsSet
htons
ntdll
ZwSystemDebugControl
NtQuerySystemInformation
oleaut32
GetErrorInfo
Sections
.data Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ