Behavioral task behavioral1
Sample: bd99789663a779c039e481dd876de1b9_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task behavioral2
Sample: bd99789663a779c039e481dd876de1b9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: bd99789663a779c039e481dd876de1b9_JaffaCakes118
Size: 67KB
MD5: bd99789663a779c039e481dd876de1b9
SHA1: 8a121b78a2b9c875e8c8351d2d7494286c5489e9
SHA256: 8865b628edc54ebacb8daa03629ce969eb1ae2d6eb91536b1ae4aaa072dc1832
SHA512: 219110ddd1e6c0f0b7d03e292eb77f2293e7385077b8be9669e623be4edb6af70cdae5b2db09119b32e43f73ded7949a61db6874f00051b7631b809a36acf923
SSDEEP: 1536:Uw8Lmoskp87NFKZaLnsXckrtnC3msr2Je:ICMp87WZaLn8N5C3mM2Je
Malware Config
Extracted config: family metasploit, encoder/call4_dword_xor
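The extracted config names Metasploit's x86/call4_dword_xor encoder. That encoder XORs the payload with a constant 4-byte key, one little-endian dword at a time, prepended by a small decoder stub that obtains its own address with a call and loops over ceil(len/4) dwords; because the key is constant rather than rolling, four bytes of known plaintext recover it directly. The Python below is a worked example added here; it is not code from the report or from Metasploit, and it reproduces only the transform, not the decoder stub bytes. The brute-force key search against a badchar list and the zero padding of a final partial dword are assumptions of this example, and the payload bytes are constructed, not taken from the sample.

```python
import random
import struct


def dword_xor(buf, key):
    """XOR buf with a constant 4-byte key, one little-endian dword at a time.

    The buffer is zero-padded to a multiple of 4 (assumption) so the block count
    is ceil(len(buf) / 4), the unit the decoder loop works in. XOR is its own
    inverse, so this function both encodes and decodes.
    """
    if len(key) != 4:
        raise ValueError("key must be exactly 4 bytes")
    padded = buf + b"\x00" * (-len(buf) % 4)
    k = struct.unpack("<I", key)[0]
    out = bytearray()
    for off in range(0, len(padded), 4):
        dw = struct.unpack_from("<I", padded, off)[0]
        out += struct.pack("<I", dw ^ k)
    return bytes(out)


def find_dword_key(payload, badchars, seed=None, attempts=100000):
    """Pick a random 4-byte key such that neither the key bytes nor the encoded
    output contain a badchar. The random search here is an assumption of this
    example, not a claim about how Metasploit's own key selection is written."""
    rng = random.Random(seed)
    bad = set(badchars)
    for _ in range(attempts):
        key = bytes(rng.getrandbits(8) for _ in range(4))
        if bad.intersection(key):
            continue
        if not bad.intersection(dword_xor(payload, key)):
            return key
    raise ValueError("no usable key found for these badchars")


def recover_key(encoded, known_prefix):
    """Known-plaintext recovery: with a constant dword key, the first four
    plaintext bytes give the key as ciphertext XOR plaintext."""
    if len(known_prefix) < 4 or len(encoded) < 4:
        raise ValueError("need at least 4 bytes of both buffers")
    return bytes(c ^ p for c, p in zip(encoded[:4], known_prefix[:4]))


if __name__ == "__main__":
    # Constructed stand-in payload: it deliberately contains 0x00, 0x0a and 0x0d
    # so the badchar constraint is exercised. Not bytes from the sample above.
    payload = bytes(range(0x00, 0x28))
    badchars = b"\x00\x0a\x0d"
    key = find_dword_key(payload, badchars, seed=1)
    enc = dword_xor(payload, key)
    print("key:", key.hex())
    print("encoded:", enc.hex())
    print("round trip ok:", dword_xor(enc, key) == payload)
    print("recovered key:", recover_key(enc, payload[:4]).hex())
```

When triaging a sample that carries this encoder, the key is also visible as an immediate in the stub's xor instruction; the known-plaintext route above is the fallback when the stub has been altered or only the encoded blob is recovered from memory.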
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: bd99789663a779c039e481dd876de1b9_JaffaCakes118
Files
bd99789663a779c039e481dd876de1b9_JaffaCakes118.exe windows:4 windows x86 arch:x86 a72e70ce0a8975c56c8e83b9da20c7a1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32: send, inet_ntoa, connect, socket, sendto, WSAStartup, recv, gethostname, gethostbyname, ioctlsocket, shutdown, closesocket, htons
advapi32: GetUserNameA
user32: wsprintfA, CharLowerA
mpr: WNetAddConnection2A
shell32: SHChangeNotify, ShellExecuteExA
iphlpapi: GetAdaptersInfo
wininet: DeleteUrlCacheEntry
msvcrt: _ftol, _strcmpi, strncat, ceil, time, _stricmp, sscanf, __dllonexit, _onexit, _exit, _XcptFilter, exit, _acmdln, __getmainargs, strtok, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, strncpy, atoi, atol, rand, sprintf, srand, strchr, strrchr, strcpy, _except_handler3, strcmp, strstr, _snprintf, strcspn, ??2@YAPAXI@Z, _vsnprintf, strlen, malloc, memcpy, strcat, _initterm, free, memset, memcmp
kernel32: GetStartupInfoA, GetLogicalDriveStringsA, GetDriveTypeA, lstrcatA, CreateDirectoryA, lstrlenA, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, TransactNamedPipe, ReadFile, CreateEventA, GetShortPathNameA, GetEnvironmentVariableA, SetPriorityClass, SetThreadPriority, SetProcessPriorityBoost, CopyFileA, GetWindowsDirectoryA, InitializeCriticalSectionAndSpinCount, LoadLibraryA, GetFileTime, SetFileTime, GetFileAttributesA, CreateMutexA, SetFileAttributesA, TerminateThread, OpenProcess, TerminateProcess, GetCurrentThread, WinExec, LocalAlloc, LocalFree, DeleteFileA, ReleaseMutex, GetCurrentProcess, ExpandEnvironmentStringsA, CreateFileA, ExitThread, WriteFile, CloseHandle, CreateProcessA, WaitForSingleObject, lstrcmpiA, CreateThread, Sleep, GetLastError, GetTempPathA, GetTickCount, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, ExitProcess, GetVersionExA, GetLocaleInfoA

The import table is a static capability indicator, not observed behaviour: the report records no network, file or process activity for these functions. Read as capabilities, the imports cover raw TCP/UDP sockets and name resolution (wsock32), connecting to a network resource such as a share (WNetAddConnection2A), enumerating local drives (GetLogicalDriveStringsA, GetDriveTypeA) and adapters (GetAdaptersInfo), copying files and rewriting their timestamps (CopyFileA, GetFileTime, SetFileTime), a named mutex (CreateMutexA) and launching other programs (WinExec, CreateProcessA, ShellExecuteExA). Confirm any of these against the behavioral task output before treating them as what the sample does.
Sections
.text: Size 43KB, Virtual size 42KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 3KB, Virtual size 3KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 19KB, Virtual size 363KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
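The Headers, Sections and Unsigned PE entries above are all readable from the PE header without running anything. The Python below is a worked example added here, not code from the report or its sandbox: using only the standard library it parses a PE32 COFF header, the Authenticode (security) data-directory entry and the section table, and reports the two checks a triager applies to this listing, an empty security directory (what the "Unsigned PE" signature detects) and a section whose virtual size far exceeds its raw size, as .data does here (19KB on disk, 363KB in memory; the difference is zero-filled, writable memory at load time, a common landing zone for decoded code or data). The input is a constructed minimal PE32 that mirrors the file characteristics and section table above, not the sample itself; the 4x slack ratio, the synthetic RVAs and the synthetic raw offsets are assumptions of the example.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits (winnt.h)
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Parse DOS stub pointer, COFF header, PE32 security directory and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _psym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers handled in this example")
    # PE32: data directories start at optional-header offset 96, 8 bytes each (RVA, size).
    _sec_rva, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _pr, _pl, _nr, _nl, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": va,
            "raw_size": rawsize, "raw_offset": rawptr,
            "flags": flag_names(sc, SECTION_CHARACTERISTICS),
        })
    return {
        "arch": "x86" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        "file_characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "authenticode_present": sec_size != 0,
        "sections": sections,
    }


def triage_findings(pe, slack_ratio=4.0):
    """Header-only checks: missing signature, RWX sections, oversized virtual size."""
    findings = []
    if not pe["authenticode_present"]:
        findings.append("unsigned: IMAGE_DIRECTORY_ENTRY_SECURITY is empty")
    for s in pe["sections"]:
        if "IMAGE_SCN_MEM_WRITE" in s["flags"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]:
            findings.append(f"{s['name']}: section is both writable and executable")
        if s["raw_size"] and s["virtual_size"] > slack_ratio * s["raw_size"]:
            findings.append(f"{s['name']}: virtual size {s['virtual_size']} >> raw size "
                            f"{s['raw_size']} (zero-filled slack mapped at load time)")
    return findings


def build_sample_pe():
    """Constructed minimal PE32 mirroring the report's characteristics and sections; not the real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, 0, 0, 0, 224, chars)
    opt = bytearray(224)                   # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)  # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes; security entry left zero = unsigned
    secs = b""
    va, raw = 0x1000, 0x400                # synthetic layout (assumption)
    for name, vsize, rawsize, flags in (
        (b".text", 42 * 1024, 43 * 1024, 0x60000020),
        (b".rdata", 3 * 1024, 3 * 1024, 0x40000040),
        (b".data", 363 * 1024, 19 * 1024, 0xC0000040),
    ):
        secs += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, raw, 0, 0, 0, 0, flags)
        va += (vsize + 0xFFF) & ~0xFFF
        raw += rawsize
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(pe["arch"], pe["file_characteristics"])
    for s in pe["sections"]:
        print(s["name"], s["raw_size"], s["virtual_size"], s["flags"])
    for f in triage_findings(pe):
        print("finding:", f)
```

To run this against a real file, replace build_sample_pe() with the bytes read from disk; the parser stops at the section table and does not follow the import directory, so the Imports listing above still needs a full PE parser.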