metasploit | dc81cc00e3c1ba653ce977be0eb0dcf8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc81cc00e3c1ba653ce977be0eb0dcf8_JaffaCakes118
Size

400KB
MD5

dc81cc00e3c1ba653ce977be0eb0dcf8
SHA1

63e2188464b88851c1c3d0d69ff3ce190c604d32
SHA256

dade3789c963ce12b46fd92df6687fbbd154ecdcfaafb52c29532fe6f7680077
SHA512

d089068a79d3a51eba20ca85ff642898f893c95f13a4fb579ee797e51001467a8dfde0bc005adfc02e17ce887ca39c3d0e02b19d99d7ea7e61e1f8e066e17bbe
SSDEEP

6144:/SC9dIz3FeP8TdEbn/I/yBfZuk8sVHhVZAVmIBQjIufF6/f4/DQ2CbungNrf:qCDIz3FeP8TdEbUsVHhVdIBQjIMOt

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc81cc00e3c1ba653ce977be0eb0dcf8_JaffaCakes118

Files

dc81cc00e3c1ba653ce977be0eb0dcf8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4b0fe5aa4c5fd9cc702a757dbe83924

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EmptyClipboard
OpenClipboard
VkKeyScanA
SetClipboardData
ShowWindow
SetFocus
SetForegroundWindow
BlockInput
wsprintfA
keybd_event
CloseClipboard

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

ws2_32

closesocket
send
connect
gethostbyname
socket
recv
htons
shutdown
accept
gethostname
inet_ntoa
inet_addr
__WSAFDIsSet
select
listen
bind
ioctlsocket
setsockopt
WSAStartup
WSACleanup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetTimeFormatA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
OutputDebugStringA
GetStdHandle
DebugBreak
HeapAlloc
Sleep
MultiByteToWideChar
ReadFile
WriteFile
TransactNamedPipe
CloseHandle
CreateFileA
WaitForSingleObject
GetLastError
CreateEventA
CopyFileA
WideCharToMultiByte
GetTickCount
DeleteFileA
CreateProcessA
OpenProcess
GetCurrentProcessId
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
ExitProcess
CreateMutexA
MoveFileA
GetTempPathA
CreateThread
ExitThread
SetFilePointer
GetFileSize
GetLocalTime
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
GetCurrentProcess
CreatePipe
GetComputerNameA
GetDateFormatA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
TerminateProcess
GetLogicalDrives
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeCriticalSection
ReadProcessMemory
CreateDirectoryA
GetWindowsDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
LoadLibraryA
GlobalAlloc
InterlockedDecrement
lstrcpynA
lstrcmpA
lstrcpyA
lstrlenA
GetLocaleInfoA
GetVersionExA
GlobalMemoryStatus
TerminateThread
GetSystemTime
IsBadWritePtr
IsBadReadPtr
HeapValidate
RtlUnwind
GetTimeZoneInformation
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
FatalAppExitA

Sections

.text
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b4b0fe5aa4c5fd9cc702a757dbe83924

Headers

File Characteristics

Imports

user32

ole32

oleaut32

ws2_32

version

kernel32

Sections

.text Size: 273KB - Virtual size: 272KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 62KB - Virtual size: 394KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 273KB - Virtual size: 272KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 62KB - Virtual size: 394KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 18KB - Virtual size: 17KB