metasploit | 8aef7a4ce5aacfe3dfa86d2ee4fa08f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8aef7a4ce5aacfe3dfa86d2ee4fa08f7_JaffaCakes118
Size

337KB
MD5

8aef7a4ce5aacfe3dfa86d2ee4fa08f7
SHA1

a7b596029107f77afb30157478e1d4f7036f94be
SHA256

6740a609fedfaa0fe9face50695bf50137d2f7cc8f2ec866aceda0f38811ad93
SHA512

d789d009051b074384dfa0ec264db8e49e853515aa6439cc5b642b6b11f0d73ff59ab80a01a7b85af0cf2657e6ff81588d89a029e03bfd5e939368fc9ec558a9
SSDEEP

3072:StdxLPLZxiDXJrlnbeECRZ2lTUTuByrUPbKrakesd2FeLyCujCX9SjyGe:SF7ip1LCXCTUTuB4UerhcFtCoCX9Sm

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8aef7a4ce5aacfe3dfa86d2ee4fa08f7_JaffaCakes118

Files

8aef7a4ce5aacfe3dfa86d2ee4fa08f7_JaffaCakes118
.exe windows:6 windows x64 arch:x64

d0058544e4588b1b2290b7f4d830eb0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

cmd.pdb

Imports

msvcrt

memset
memcpy
memcmp
_setjmp
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
calloc
free
_wcslwr
qsort
_dup2
_dup
_close
_open_osfhandle
swscanf
_ultoa
_pipe
wcsncmp
_setmode
exit
iswxdigit
time
srand
_wtol
fflush
wcsstr
iswalpha
wcstoul
_errno
printf
rand
_iob
fprintf
wcsrchr
realloc
towlower
setlocale
_wcsupr
iswdigit
_wcsicmp
iswspace
wcschr
memmove
fgets
_pclose
ferror
feof
_wpopen
_wcsnicmp
_vsnwprintf
wcstol
_get_osfhandle
_getch
towupper
wcsspn
_tell
longjmp
_local_unwind

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeHeap
NtFsControlFile
NtOpenThreadToken
NtClose
NtOpenProcessToken
NtQueryInformationToken
RtlDosPathNameToNtPathName_U
RtlFindLeastSignificantBit
NtSetInformationProcess
NtQueryInformationProcess
RtlNtStatusToDosError

kernel32

GetTimeFormatW
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
DelayLoadFailureHook
LoadLibraryExA
FreeLibrary
CreateHardLinkW
CreateSymbolicLinkW
GetVolumePathNameW
GetThreadLocale
ResumeThread
SetProcessAffinityMask
GetNumaNodeProcessorMaskEx
GetThreadGroupAffinity
FindFirstFileExW
GetDiskFreeSpaceExW
FindNextStreamW
FindFirstStreamW
DeviceIoControl
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
SetCurrentDirectoryW
SetFileTime
DeleteFileW
SetEndOfFile
SetFileAttributesW
CopyFileW
CreateDirectoryW
SetConsoleTextAttribute
FillConsoleOutputAttribute
ScrollConsoleScreenBufferW
GetACP
FormatMessageW
FlushFileBuffers
DuplicateHandle
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
HeapSetInformation
GetCurrentThreadId
OpenThread
GetFileAttributesExW
GetDriveTypeW
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetWindowsDirectoryW
SetConsoleCtrlHandler
InitializeCriticalSection
ExpandEnvironmentStringsW
CancelSynchronousIo
GetVolumeInformationW
GlobalFree
GlobalAlloc
SetFilePointerEx
WriteFile
SearchPathW
LocalFree
SetConsoleTitleW
MoveFileExW
MoveFileW
QueryFullProcessImageNameW
ReadProcessMemory
LoadLibraryW
RegSetValueExW
RegCreateKeyExW
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
VirtualQuery
CmdBatNotification
GetCPInfo
GetConsoleOutputCP
SetThreadLocale
GetProcAddress
GetModuleHandleW
CloseHandle
GetLastError
SetFilePointer
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
ReadFile
MultiByteToWideChar
GetFileSize
WideCharToMultiByte
lstrcmpiW
lstrcmpW
GetStdHandle
FlushConsoleInputBuffer
HeapAlloc
GetProcessHeap
HeapFree
GetConsoleScreenBufferInfo
ReadConsoleW
SetConsoleCursorPosition
FillConsoleOutputCharacterW
WriteConsoleW
GetFileType
GetUserDefaultLCID
GetLocaleInfoW
SetLocalTime
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
RegDeleteValueW
GetLocalTime
GetConsoleMode
SetConsoleMode
GetEnvironmentVariableW
GetCommandLineW
GetNumaHighestNodeNumber
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentStringsW
GetConsoleTitleW
GetVDMCurrentDirectories
SetErrorMode
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetStartupInfoW
CreateProcessW
GetConsoleWindow
GetFileAttributesW
NeedCurrentDirectoryForExePathW
GetBinaryTypeW
RegOpenKeyExW
RegCloseKey
SetLastError
RegQueryValueExW
RegDeleteKeyExW
GetCurrentProcessId

winbrand

BrandingFormatString

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d0058544e4588b1b2290b7f4d830eb0a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

winbrand

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 117KB - Virtual size: 116KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 117KB - Virtual size: 116KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 292B