Behavioral task: behavioral1
  Sample: a57f466aebe6d67df190a86fa9b0edac_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: a57f466aebe6d67df190a86fa9b0edac_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: a57f466aebe6d67df190a86fa9b0edac_JaffaCakes118
  Size: 796KB
  MD5: a57f466aebe6d67df190a86fa9b0edac
  SHA1: 699f9d42b429fdb8a4b1c12cbf47bce2b0002c58
  SHA256: 9c2a4f8258009e67e8599e165823731509896391536045ef4b3d6b84056895a2
  SHA512: 3a207d0d5651047d6708d09a20e5c1efcb454e17e5a6dbd3bba03553969e9695fc52e8d691bc08fb5eae7fde5db28ddb5d2c158b7de0d51dc766728bb79f8a26
  SSDEEP: 24576:GbVqx/63CAC7NXn6ffPKseSpaOoJgXpiyMElgv9X:G443CASdcqgpaBJ85B+
Malware Config
  Extracted:
    metasploit
    encoder/call4_dword_xor
Signatures
  - Metasploit family
  - Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
      resource a57f466aebe6d67df190a86fa9b0edac_JaffaCakes118
Files
  - a57f466aebe6d67df190a86fa9b0edac_JaffaCakes118.exe windows:5 windows x86 arch:x86
    5cd41df442497027d4223310c385ce10
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  wininet: InternetOpenUrlA, InternetReadFile, InternetOpenA, InternetCloseHandle
  kernel32: CreateProcessA, GetTempPathA, CreateThread, ExitProcess, SetPriorityClass, GetLocaleInfoA, MoveFileExA,
    GetCurrentProcess, GetCurrentThread, SetProcessPriorityBoost, GetDriveTypeA, GetFileAttributesA,
    GetEnvironmentVariableA, SetThreadPriority, GetShortPathNameA, GetProcAddress, LoadLibraryA, GetModuleHandleA,
    GetVersionExA, OpenMutexA, CreateMutexA, ReleaseMutex, GetWindowsDirectoryA, CreateDirectoryA, GetLastError,
    CopyFileA, SetFileAttributesA, GetCurrentProcessId, DeleteFileA, lstrlenA, FreeLibrary, CreateRemoteThread,
    OpenProcess, VirtualFreeEx, VirtualAllocEx, WriteProcessMemory, TerminateProcess, lstrcmpiA, WinExec,
    GetLogicalDriveStringsA, SetLastError, Sleep, SetEvent, InitializeCriticalSectionAndSpinCount, CreateEventA,
    LeaveCriticalSection, ExitThread, EnterCriticalSection, OpenEventA, WaitForMultipleObjects, DeleteCriticalSection,
    MultiByteToWideChar, GetProcessHeap, VirtualProtectEx, WriteFile, LocalFree, FlushFileBuffers, ReadFile,
    WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoW, GetConsoleMode, GetConsoleCP,
    SetFilePointer, SetEnvironmentVariableA, CompareStringW, CompareStringA, IsValidLocale, EnumSystemLocalesA,
    GetUserDefaultLCID, GetStringTypeW, GetStringTypeA, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetFileType,
    SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA,
    HeapSize, IsValidCodePage, GetTickCount, CreateFileA, CloseHandle, CreateToolhelp32Snapshot, GetModuleFileNameA,
    Process32Next, Process32First, GetComputerNameA, WideCharToMultiByte, InterlockedIncrement, InterlockedDecrement,
    WaitForSingleObject, VirtualQuery, InitializeCriticalSection, HeapFree, UnhandledExceptionFilter, GetOEMCP, GetACP,
    GetStdHandle, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, HeapAlloc, GetCurrentThreadId,
    TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, VirtualAlloc, VirtualFree, HeapCreate, LCMapStringW, LCMapStringA,
    GetCPInfo, RtlUnwind, RaiseException, GetStartupInfoA, GetCommandLineA, HeapReAlloc, InterlockedExchange
  user32: FindWindowA, IsWindow, GetWindowThreadProcessId, SwitchToThisWindow, IsCharAlphaNumericA, IsCharAlphaA,
    RegisterDeviceNotificationA, UpdateWindow, DispatchMessageA, ShowWindow, DefWindowProcA, CreateWindowExA,
    TranslateMessage, PostQuitMessage, RegisterClassExA, GetMessageA, DestroyWindow, GetForegroundWindow, BlockInput,
    GetWindowTextA, SendMessageA, FindWindowExA, keybd_event, RealGetWindowClassA, SetFocus, SetForegroundWindow,
    IsWindowVisible, VkKeyScanW, SendInput, MapVirtualKeyA, VkKeyScanA, GetMenuItemID, PostMessageA
  advapi32: IsTextUnicode, RegCloseKey, RegCreateKeyExA, RegSetValueExA, AdjustTokenPrivileges, LookupPrivilegeValueA,
    OpenProcessToken, FreeSid, AllocateAndInitializeSid, GetUserNameA, RegOpenKeyExA, RegQueryValueExA
  shell32: ShellExecuteA, ShellExecuteExA, SHChangeNotify
  ole32: CoInitialize, CoUninitialize, CoCreateInstance
  oleaut32: SysAllocString, VariantClear, VariantInit
  ws2_32: recv, select, send, gethostbyname, closesocket, socket, WSACleanup, WSAGetLastError, inet_addr, WSAStartup,
    connect, htonl, ntohl, inet_ntoa, gethostname, ioctlsocket, setsockopt, htons
  ntdll: NtQuerySystemInformation, ZwSystemDebugControl
  shlwapi: SHDeleteKeyA
  mpr: WNetCancelConnectionA, WNetUseConnectionA, WNetCancelConnection2A, WNetGetLastErrorA
  rpcrt4: RpcMgmtStatsVectorFree, RpcBindingFree, RpcBindingFromStringBindingA, RpcStringFreeA,
    RpcMgmtIsServerListening, RpcMgmtSetComTimeout, NdrClientCall2, RpcMgmtInqStats, RpcStringBindingComposeA
  comctl32: ord17
Sections
  .text     Size: 372KB - Virtual size: 372KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  mfnl5f32  Size: 8KB - Virtual size: 8KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  8.ohbi4v  Size: 4KB - Virtual size: 4KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  e7l8.9dy  Size: 108KB - Virtual size: 108KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  1tirlsg1  Size: 256KB - Virtual size: 256KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  jwlcyo26  Size: 44KB - Virtual size: 44KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE