metasploit | ab68ad2ef184417745bd7748ae6f56ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab68ad2ef184417745bd7748ae6f56ab_JaffaCakes118
Size

45KB
MD5

ab68ad2ef184417745bd7748ae6f56ab
SHA1

5bc00518c7be31e6e6bdbae0e56620b96a5d2e3e
SHA256

5f4fe02917d681cd06b37d0cd05164bb950cad0caa329b438cc300137f18b094
SHA512

d96cfc87082e87d2a9de2ee8cd7cfb8c73fca96755390977b5a34e8a6d492a0dd793a5240119faeb43e27e591b74bc8949f94e43e59228b2266c00f1055e6215
SSDEEP

768:e2oMwj/60xPqFdHaxnxbjV7OZ1Rew5r034TDWdyMD8JN4NTgLElZ1C:e2o1j/62PI+ThwG3iDmweNTZ

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab68ad2ef184417745bd7748ae6f56ab_JaffaCakes118

Files

ab68ad2ef184417745bd7748ae6f56ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc65e6be663c3571c9cd99dc044cb0a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyaddr
gethostname
socket
sendto
select
recvfrom
WSAStartup
inet_addr
gethostbyname
ioctlsocket
shutdown
closesocket
htons
setsockopt
bind
listen

advapi32

GetUserNameA

shell32

ShellExecuteExA
SHChangeNotify

iphlpapi

GetAdaptersInfo

msvcrt

fopen
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
fseek
fread
sscanf
memcmp
_strcmpi
_except_handler3
strtok
strcspn
_vsnprintf
malloc
memcpy
free
strcat
memset
strlen
??2@YAPAXI@Z
rand
sprintf
atoi
srand
strchr
strncpy
strrchr
strcpy
strcmp
strstr
_snprintf
strncat
__getmainargs

kernel32

GetStartupInfoA
GetLogicalDriveStringsA
GetDriveTypeA
lstrcatA
CreateDirectoryA
lstrlenA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TransactNamedPipe
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
SetThreadPriority
SetProcessPriorityBoost
LeaveCriticalSection
TerminateThread
CopyFileA
GetWindowsDirectoryA
GetFileTime
SetFileTime
GetFileAttributesA
TerminateProcess
GetCurrentThread
GetCurrentProcess
LocalAlloc
LocalFree
GetProcAddress
LoadLibraryA
GetLocaleInfoA
CreateMutexA
SetFileAttributesA
DeleteFileA
ReleaseMutex
ExpandEnvironmentStringsA
CreateFileA
ExitThread
WriteFile
CloseHandle
CreateProcessA
WaitForSingleObject
lstrcmpiA
GetTempPathA
CreateThread
Sleep
GetLastError
GetTickCount
OpenProcess
GetModuleHandleA
GetModuleFileNameA
ExitProcess
GetVersionExA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

cc65e6be663c3571c9cd99dc044cb0a4

Headers

File Characteristics

Imports

wsock32

advapi32

shell32

iphlpapi

msvcrt

kernel32

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 11KB - Virtual size: 354KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 11KB - Virtual size: 354KB