metasploit | d32cb9a90cfcc6511de6c76633c45b1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d32cb9a90cfcc6511de6c76633c45b1d_JaffaCakes118
Size

295KB
MD5

d32cb9a90cfcc6511de6c76633c45b1d
SHA1

a14a5d9162afcc2933155d1f4e3084f9a5879d0a
SHA256

9bea6663bfb525bbaa3e6ef901759cda33f7ce6daa862bc519666c6e86fb7a54
SHA512

d80d785da0c66e6c58be15dfdd013442234318b30d3f77db49212c96d1d7b8cd07d700636db58eb1b292cf3bacddebf91ec491ac14eb041cad613e32d684c4bb
SSDEEP

6144:I2YNzePdWqbYsNY+CT9rPhFjuVQLKJJfEmgoxqe/n2EBbVs:eNz46vhrPqQLigoxqkN2

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d32cb9a90cfcc6511de6c76633c45b1d_JaffaCakes118

Files

d32cb9a90cfcc6511de6c76633c45b1d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

26fbf291a240b90efae516aa59675d40

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDlgItem
IsDlgButtonChecked
PostMessageA
MessageBoxW
KillTimer
SetTimer
DialogBoxParamW
DialogBoxParamA
SetWindowLongA
GetWindowLongA
GetWindowTextLengthW
GetWindowTextW
GetWindowTextLengthA
GetWindowTextA
SetWindowTextW
SetWindowTextA
SendMessageW
SendMessageA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
EndDialog

oleaut32

SysAllocString
VariantClear
SysFreeString

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetFileInfoA
SHBrowseForFolderA

ole32

CoUninitialize
CoInitialize

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
memcpy
free
malloc
memmove
_CxxThrowException
_purecall
memcmp
__CxxFrameHandler

kernel32

WideCharToMultiByte
GetStartupInfoA
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
FileTimeToLocalFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleHandleW
GetProcAddress
FileTimeToSystemTime
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetCurrentDirectoryW
GetCurrentDirectoryA
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
MoveFileW
RemoveDirectoryW
SetFileAttributesW
MoveFileA
RemoveDirectoryA
SetFileAttributesA
SetLastError
CreateFileW
SetFileTime
CloseHandle
FormatMessageW
FormatMessageA
LocalFree
GetModuleFileNameW
GetModuleFileNameA
AreFileApisANSI
GetCommandLineW
DeleteCriticalSection
GetVersionExA
MultiByteToWideChar
GetLastError

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

26fbf291a240b90efae516aa59675d40

Headers

File Characteristics

Imports

user32

oleaut32

shell32

ole32

msvcrt

kernel32

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 6KB - Virtual size: 5KB