metasploit | dcca0dc3ddec3903ab8c3f7247068e01_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dcca0dc3ddec3903ab8c3f7247068e01_JaffaCakes118
Size

676KB
MD5

dcca0dc3ddec3903ab8c3f7247068e01
SHA1

bba529421e74321eccb0e92f8454cad908ca637c
SHA256

372bda38237792dc2da24dfe93f8d49ad54e8daa70a2d32ac23f3469922c3e56
SHA512

4de89bd17d48b26a1afd893d065cd25e58f810848ba90eb185238c05c31c8d0cfc47836618453b7d9386b2273ca7a654474b3eff5b93820f13e98992fbcbf5af
SSDEEP

6144:Qm1Sod1z9vRTMZsQK7Q6aR6GhHfzHUeo6hE1pxE4nCX3mZPaBy:QYPbUKMPlh/sY0CmZPK

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcca0dc3ddec3903ab8c3f7247068e01_JaffaCakes118

Files

dcca0dc3ddec3903ab8c3f7247068e01_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42f4c9ad6fe36d621c08d7ab560d3340

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

Sleep
MultiByteToWideChar
ReadFile
CloseHandle
WriteFile
TransactNamedPipe
CreateFileA
WaitForSingleObject
GetLastError
CreateEventA
CopyFileA
WideCharToMultiByte
GetTickCount
GetLocalTime
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
CreateProcessA
ExpandEnvironmentStringsA
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
ExitProcess
GetSystemDirectoryA
ExitThread
GetExitCodeProcess
PeekNamedPipe
CreateThread
DuplicateHandle
GetCurrentProcess
CreatePipe
GetComputerNameA
SetFilePointer
GetFileSize
TerminateProcess
OpenProcess
GetLogicalDrives
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
MoveFileA
DeleteFileA
GetCurrentProcessId
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReadProcessMemory
CreateDirectoryA
GetWindowsDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
LoadLibraryA
GetProcAddress
GlobalAlloc
InterlockedDecrement
lstrcpynA
lstrcmpA
lstrcpyA
lstrlenA
GetLocaleInfoA
GetVersionExA
GlobalMemoryStatus
TerminateThread
GetSystemTime
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
HeapSize
VirtualQuery
InterlockedExchange
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetLastError
TlsAlloc
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapAlloc
HeapFree
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapCreate

user32

SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
ShowWindow
SetFocus
SetForegroundWindow
keybd_event
BlockInput
VkKeyScanA
wsprintfA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

ws2_32

send
closesocket
connect
gethostbyname
socket
recv
htons
shutdown
WSACleanup
gethostname
inet_ntoa
inet_addr
WSAStartup
accept
__WSAFDIsSet
select
listen
bind
ioctlsocket
setsockopt

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

0
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

2
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

42f4c9ad6fe36d621c08d7ab560d3340

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

ws2_32

version

Sections

0 Size: 152KB - Virtual size: 152KB

1 Size: 40KB - Virtual size: 40KB

2 Size: 356KB - Virtual size: 356KB

3 Size: 8KB - Virtual size: 8KB

4 Size: 68KB - Virtual size: 68KB

5 Size: 8KB - Virtual size: 8KB

6 Size: 40KB - Virtual size: 40KB

0
Size: 152KB - Virtual size: 152KB

1
Size: 40KB - Virtual size: 40KB

2
Size: 356KB - Virtual size: 356KB

3
Size: 8KB - Virtual size: 8KB

4
Size: 68KB - Virtual size: 68KB

5
Size: 8KB - Virtual size: 8KB

6
Size: 40KB - Virtual size: 40KB