Behavioral task: behavioral1
Sample: d368f759e18af243c8442fb2e0a75675_JaffaCakes118.dll
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: d368f759e18af243c8442fb2e0a75675_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: d368f759e18af243c8442fb2e0a75675_JaffaCakes118
Size: 28KB
MD5: d368f759e18af243c8442fb2e0a75675
SHA1: 218dc1225c24fd244f2b65b39b0dacb4bc18aa68
SHA256: 95539f8853e5459e50bcf81ffbeb756c51537aaa916a8118bee4ae98793aa9c1
SHA512: c11c59a955dec4bd82ca4b9ca703372c7ae01a3d7c5a55ba80627451081b3bc54543bc3b057e5298cf555b6884027d82423e7cb2898c64266b68ce513e48c368
SSDEEP: 768:jZoBO/0GWtPXhSmK2C2C20ucKfMVLhPShJ3HgP:jZsOjWtPXhSmKZZHSh
Malware Config (extracted): metasploit, encoder/fnstenv_mov

Signatures
Metasploit family
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource d368f759e18af243c8442fb2e0a75675_JaffaCakes118
Files
d368f759e18af243c8442fb2e0a75675_JaffaCakes118.dll windows:5 windows x86 arch:x86
fa6ad02efb6d7e056c5220882146012d
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
Imports
ntdll: RtlRandom, LdrAddRefDll, ZwCreateEvent, atol, sscanf, RtlImageNtHeader, atoi, _snwprintf, _snprintf, strncpy, RtlInitUnicodeString, RtlUnwind, _chkstk, memset, NtQueryVirtualMemory
ws2_32: closesocket, send, htons, socket, recv, WSAGetLastError, connect, WSAStartup
shlwapi: PathAppendA, PathAddExtensionA, PathFileExistsW, SHSetValueA, SHGetValueA, StrStrIA, StrStrIW, PathFindFileNameA, PathRemoveExtensionA, PathFileExistsA, SHDeleteValueA, PathRemoveExtensionW, PathFindFileNameW, SHSetValueW, SHGetValueW
wininet: InternetCloseHandle, InternetReadFile, InternetSetOptionA, InternetOpenA, InternetCrackUrlA, InternetConnectA, HttpOpenRequestA, InternetQueryOptionA, HttpSendRequestA
iphlpapi: GetIpAddrTable
shell32: ShellExecuteW
rpcrt4: UuidToStringA, UuidFromStringA, UuidCreateSequential
mpr: WNetAddConnection2A, WNetCancelConnection2A, WNetEnumResourceA, WNetOpenEnumA, WNetCloseEnum
winspool.drv: AddPrintProvidorW
psapi: GetMappedFileNameA, GetMappedFileNameW
imagehlp: MapFileAndCheckSumA, CheckSumMappedFile
wtsapi32: WTSQueryUserToken
userenv: CreateEnvironmentBlock, DestroyEnvironmentBlock
kernel32: GetModuleFileNameA, WinExec, InitializeCriticalSection, lstrcmpiA, GetPrivateProfileIntA, LeaveCriticalSection, MoveFileExA, EnterCriticalSection, LockFile, WTSGetActiveConsoleSessionId, GetModuleHandleA, GetProcAddress, MoveFileExW, GetTempFileNameW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, DeviceIoControl, DeleteFileW, CreateFileW, CopyFileW, GetCurrentProcessId, GetTempPathW, GetSystemTimeAsFileTime, GetModuleHandleW, GetPrivateProfileStringA, DeleteFileA, WriteFile, GetTempFileNameA, GetTempPathA, CreateThread, SleepEx, GetCurrentThreadId, OpenThread, QueueUserAPC, GetLastError, ReadFile, GetFileSize, TransactNamedPipe, QueueUserWorkItem, Sleep, VirtualFree, VirtualAlloc, WritePrivateProfileStringA, CloseHandle, CreateFileA, SetFileAttributesW, CopyFileA, GetTickCount, SetFileAttributesA
user32: UnregisterDeviceNotification, CharUpperBuffA, CharLowerBuffA, DefWindowProcA, CreateWindowExA, SetWindowLongA, RegisterDeviceNotificationA, GetMessageA, TranslateMessage, DispatchMessageA, DestroyWindow, IsCharAlphaA
advapi32: CreateServiceW, CreateProcessAsUserA, GetTokenInformation, CloseServiceHandle, QueryServiceStatusEx, StartServiceA, OpenSCManagerA, OpenServiceA
ole32: CoCreateInstance, CoInitialize, CoUninitialize
Sections
.text (Size: 12KB, Virtual size: 12KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 9KB, Virtual size: 8KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 2KB, Virtual size: 2KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc (Size: 1KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ