metasploit | a15b0bdcfdc897a3214699b7245984ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a15b0bdcfdc897a3214699b7245984ea_JaffaCakes118
Size

301KB
MD5

a15b0bdcfdc897a3214699b7245984ea
SHA1

45ef8bd00fe3395322ee517a800998ecb98586a2
SHA256

abd78c48e6bc063ad2b0a1d22eea49828f5a8e3268c8779a97f9f84404e9016a
SHA512

a8ae1db15fbc08cc36bd0da38321fa4c455e302a43847daec0f2565b84965e324a7d6d48d9e00529de8ae7a86b899b0f03af0fd7eb43f625c8b2449b676b1ab9
SSDEEP

6144:BozS8tVwcNuYyw1pOQju5lRWy8tjTpAq+wSJwzcuJho4BVL6:8S8tRuLw1pJ2+VA0zNG4BVu

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a15b0bdcfdc897a3214699b7245984ea_JaffaCakes118

Files

a15b0bdcfdc897a3214699b7245984ea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1bf1f8db3322f4173bfb272d53e79d6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
bind
listen
select
__WSAFDIsSet
accept
gethostbyname
shutdown
inet_addr
htons
setsockopt
send
recv
ntohs
inet_ntoa
socket
ioctlsocket
connect
closesocket

kernel32

CreateProcessA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
IsBadCodePtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
ExitThread
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetSystemDirectoryA
GetLocalTime
WriteFile
CloseHandle
CreateFileA
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
GetLastError
CreateThread
GetFileSize
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
ReadFile
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetEnvironmentVariableW
GetProcAddress
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
OpenProcess
GetModuleHandleA
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
SetFileAttributesA
GetTempPathA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
GetCurrentProcess
CreatePipe
GetVersionExA
GlobalMemoryStatus
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetComputerNameA
DeleteFileA
GetCurrentProcessId
CopyFileA
WaitForSingleObject
CreateMutexA
MoveFileA
TerminateThread
TerminateProcess
lstrcmpiA
GetLocaleInfoA
GetLogicalDrives
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
HeapSize

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 1001KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

1bf1f8db3322f4173bfb272d53e79d6f

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 126KB - Virtual size: 1001KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 126KB - Virtual size: 1001KB