Behavioral task behavioral1
Sample: ed1d69d06257f3c5e5cefe4815b7600c_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task behavioral2
Sample: ed1d69d06257f3c5e5cefe4815b7600c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ed1d69d06257f3c5e5cefe4815b7600c_JaffaCakes118
Size: 1.6MB
MD5: ed1d69d06257f3c5e5cefe4815b7600c
SHA1: e56247fd66e243c7c52fd53439dc2f77efb2c7cd
SHA256: e10d79e6281250fc1ef43c106a5c0a06ae6a61ce496b60f8d30d61a18fd91e26
SHA512: 3cd4499f8ea2b8d1e80913964da25d094f7a1e1420bbab48a211daf75218ad3836eba1f4cd3de1d8765d8a8c21f6a835780a2771bd2e74fedd1335c9535f6be3
SSDEEP: 24576:zPf3haLo6eAVSm89e/uD2TNXn2zcgJ80yEi+4k2Dnabnpn1vzOe2V5jEXMMgMM9t:zPf3hmhlKJhi+VVbp1vzOe2QMMgMM9Z
Malware Config
Extracted: metasploit
Encoder: encoder/shikata_ga_nai
Extracted: metasploit
Payload: windows/shell_reverse_tcp
Connect-back address (LHOST:LPORT): 192.168.56.102:443
Note: windows/shell_reverse_tcp is a single-stage payload that connects out and hands a cmd.exe shell to the listener over plain TCP; port 443 here carries no TLS. 192.168.56.102 is an RFC 1918 private address, so this build phones home to a lab or test host rather than to an internet C2, which is consistent with a generated test binary rather than an in-the-wild implant.
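The encoder named in the config, shikata_ga_nai, is an additive-feedback XOR: the encoded body is preceded by a small plaintext decoder stub that finds its own address with an FPU instruction pair (fnstenv-based getPC), then walks the body one dword at a time doing xor [ptr], key followed by add key, [ptr]. The following is an added example written for this page, not code from the report or from Metasploit. It reimplements only the block cipher (not the polymorphic stub) and assumes the feedback order shown above, namely that the decoded plaintext dword is what gets added to the key:

```python
import struct

MASK32 = 0xFFFFFFFF


def encode_xor_additive_feedback(plain: bytes, key: int) -> bytes:
    """Additive-feedback XOR, the scheme behind encoder/shikata_ga_nai.

    Per 4-byte little-endian block: emit (block XOR key), then add the
    plaintext block to the key mod 2**32.  That ordering mirrors the decoder
    loop (xor [ptr], key ; add key, [ptr]) and is the assumption this
    illustration rests on; it is a reimplementation, not Metasploit's encoder,
    and it does not emit the decoder stub.
    """
    if len(plain) % 4:
        raise ValueError("payload must be a multiple of 4 bytes; see pad4()")
    out = bytearray()
    for (block,) in struct.iter_unpack("<I", plain):
        out += struct.pack("<I", block ^ key)
        key = (key + block) & MASK32
    return bytes(out)


def decode_xor_additive_feedback(cipher: bytes, key: int) -> bytes:
    """What the decoder stub does in place, one dword at a time."""
    out = bytearray()
    for (block,) in struct.iter_unpack("<I", cipher):
        plain = block ^ key
        out += struct.pack("<I", plain)
        key = (key + plain) & MASK32
    return bytes(out)


def pad4(data: bytes) -> bytes:
    """Pad to a dword boundary with NOPs so trailing code still executes."""
    return data + b"\x90" * (-len(data) % 4)


def distinct_encodings(plain: bytes, keys) -> int:
    """How many different ciphertexts the same plaintext yields across keys.

    This is why a byte signature on the encoded body does not work: each
    encoder run picks a random key, so only the stub's shape is stable.
    """
    return len({encode_xor_additive_feedback(plain, k) for k in keys})


# Constructed stand-in for a payload body (not the sample's shellcode).
SAMPLE_PLAIN = pad4(b"constructed stand-in for the reverse_tcp payload body")


def roundtrip_ok(key: int = 0x1DE4C0DE) -> bool:
    cipher = encode_xor_additive_feedback(SAMPLE_PLAIN, key)
    return (cipher != SAMPLE_PLAIN
            and decode_xor_additive_feedback(cipher, key) == SAMPLE_PLAIN)


if __name__ == "__main__":
    print("round trip:", roundtrip_ok())
    print("distinct encodings for 5 keys:",
          distinct_encodings(SAMPLE_PLAIN, [0x11111111, 0x22222222,
                                            0x33333333, 0x44444444, 0x55555555]))
```

Because the decoder rewrites the body in place, the memory holding it must be writable as well as executable at run time; that requirement, and the stub's fixed xor/add loop, are what static and emulation-based detectors key on rather than the body bytes.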
Signatures
Metasploit family
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: ed1d69d06257f3c5e5cefe4815b7600c_JaffaCakes118
Note: this signature only tests whether the PE's security data directory (the attribute certificate table) is empty. It does not consult Windows catalog signatures, and a signature that is present would still need to be validated against a trusted chain before it means anything.
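Given a single-stage windows/shell_reverse_tcp payload, the network side is distinctive: the victim opens the TCP connection, and cmd.exe prints its version banner into the socket before the operator has typed anything, so the first client-to-server bytes on port 443 are plain text rather than a TLS ClientHello. The following is an added example, not part of the report: a small flow classifier run over constructed flow records (the first payload bytes in each direction), with the cmd.exe banner regex and the "non-TLS on a TLS port" heuristic as my own rules.

```python
import re

# Constructed flow records standing in for what a sensor yields after the
# TCP handshake: destination port plus the first payload bytes sent by the
# connecting side (the victim, for a reverse shell) and by the listener.
SAMPLE_FLOWS = [
    {"id": "browser-tls", "dst_port": 443,
     "client_first": bytes.fromhex("1603010200010001fc0303") + b"\x00" * 16,
     "server_first": bytes.fromhex("160303")},
    {"id": "reverse-shell", "dst_port": 443,
     "client_first": (b"Microsoft Windows [Version 6.1.7601]\r\n"
                      b"Copyright (c) 2009 Microsoft Corporation.  All rights reserved.\r\n"
                      b"\r\nC:\\Users\\user\\Desktop>"),
     "server_first": b"whoami\r\n"},
    {"id": "plain-http", "dst_port": 80,
     "client_first": b"GET / HTTP/1.1\r\nHost: example\r\n\r\n",
     "server_first": b"HTTP/1.1 200 OK\r\n"},
]

TLS_PORTS = {443, 8443}
CMD_BANNER = re.compile(rb"^Microsoft Windows \[Version [0-9.]+\]\r\n")
CMD_PROMPT = re.compile(rb"\r\n[A-Za-z]:\\[^\r\n]*>\s*$")


def looks_like_tls_record(payload: bytes) -> bool:
    """TLS record header: content type 0x16 (handshake), version 0x03 0x00-0x03."""
    return (len(payload) >= 5 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x03)


def classify_flow(flow: dict) -> str:
    c = flow["client_first"]
    if CMD_BANNER.match(c) or CMD_PROMPT.search(c):
        return "reverse_shell"          # cmd.exe spoke first: plain TCP shell
    if flow["dst_port"] in TLS_PORTS and not looks_like_tls_record(c):
        return "non_tls_on_tls_port"    # port says TLS, bytes say otherwise
    return "benign"


def find_alerts(flows) -> list:
    """(flow id, verdict) for every flow that is not benign."""
    return [(f["id"], verdict) for f in flows
            if (verdict := classify_flow(f)) != "benign"]


if __name__ == "__main__":
    for flow_id, verdict in find_alerts(SAMPLE_FLOWS):
        print(flow_id, "->", verdict)
```

The banner match is the confirmation and the port/TLS mismatch is the wider net: a TLS-wrapped or staged Metasploit payload would defeat the banner rule but not the record-header check, and an operator using a port other than 443 would defeat the second rule but not the first. Both need payload visibility, so they belong on a sensor that sees the first bytes of each flow, not on NetFlow alone.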
Files
-
ed1d69d06257f3c5e5cefe4815b7600c_JaffaCakes118.exe windows:5 windows x86 arch:x86
ffd1f04880803a2cbc5373cdec3fc09a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Note: the only DLL characteristic set is TERMINAL_SERVER_AWARE; DYNAMIC_BASE and NX_COMPAT are absent, and with RELOCS_STRIPPED the loader could not rebase the image even if ASLR were requested. The image therefore always maps at its fixed ImageBase and does not opt in to DEP.
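The Headers flags and the Unsigned PE signature above come from three fields of the PE header: COFF Characteristics, Optional Header DllCharacteristics, and the size of data directory entry 4 (the attribute certificate table). The following is an added example, not the report's or the sandbox's own check: a header parser that decodes those fields and reports the mitigations and signature that are missing. It runs over a constructed header-only image built by build_pe_stub (my helper, not the sample file), using the flag values this report lists.

```python
import struct

IMAGE_FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_DLLCHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # attribute certificate table (Authenticode)


def build_pe_stub(file_chars, dll_chars, cert_size=0, pe32plus=False) -> bytes:
    """Constructed header-only image used as test input; not the sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)  # Magic
    struct.pack_into("<H", opt, 70, dll_chars)                     # DllCharacteristics
    nrva_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, nrva_off, 16)                      # NumberOfRvaAndSizes
    dd = nrva_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    struct.pack_into("<II", opt, dd, 0x1000 if cert_size else 0, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


def parse_pe(data: bytes) -> dict:
    """Pull Machine, Characteristics, DllCharacteristics and the cert table size."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:       # PE32
        nrva_off = 92
    elif magic == 0x20B:     # PE32+: 8-byte ImageBase/stack/heap fields shift the tail
        nrva_off = 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        dd = opt + nrva_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        _, cert_size = struct.unpack_from("<II", data, dd)
    return {"machine": machine, "file_characteristics": file_chars,
            "dll_characteristics": dll_chars, "security_dir_size": cert_size}


def flag_names(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def assess(h: dict) -> list:
    """Findings a triage analyst cares about, derived only from the headers."""
    fc, dc, findings = h["file_characteristics"], h["dll_characteristics"], []
    if not dc & 0x0040:
        msg = "no DYNAMIC_BASE: image maps at its fixed ImageBase (no ASLR)"
        if fc & 0x0001:
            msg += "; RELOCS_STRIPPED, so it could not be rebased anyway"
        findings.append(msg)
    if not dc & 0x0100:
        findings.append("no NX_COMPAT: image does not opt in to DEP")
    if h["machine"] == 0x14C and not dc & 0x0400:
        findings.append("32-bit image without NO_SEH: SEH handlers permitted")
    if h["security_dir_size"] == 0:
        findings.append("empty security directory: no embedded Authenticode signature")
    return findings


if __name__ == "__main__":
    # Values as listed in this report: 0x010F and 0x8000, no certificate table.
    hdr = parse_pe(build_pe_stub(0x010F, 0x8000))
    print(flag_names(hdr["file_characteristics"], IMAGE_FILE_CHARACTERISTICS))
    print(flag_names(hdr["dll_characteristics"], IMAGE_DLLCHARACTERISTICS))
    for finding in assess(hdr):
        print("-", finding)
```

The parser reads only the fixed-offset header fields, so it works on a file that has been truncated to its headers, which is handy when sharing metadata without shipping the malware itself. As with the sandbox signature, an empty directory means no embedded signature; a non-empty one is only a claim until the certificate chain and the image hash are checked.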
Imports
msvcrt
tolower
_vscwprintf
vswprintf
wcsncpy
_ftol
_wtoi
realloc
_wcsnicmp
_wcsicmp
wcscmp
wcsspn
wcscspn
_strlwr
calloc
memset
strtok
_mbsstr
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
memmove
wcslen
_wcslwr
wcsrchr
malloc
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
free
time
_except_handler3
advapi32
FreeSid
RevertToSelf
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
ImpersonateSelf
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyA
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueA
RegDeleteValueW
RegQueryValueExA
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
kernel32
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetStartupInfoA
GetModuleHandleA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
IsValidLocale
LoadLibraryA
GetCurrentProcessId
GetUserDefaultLCID
lstrcpynA
GetCurrentDirectoryW
GetCurrentThread
FindResourceA
GetWindowsDirectoryW
SetCurrentDirectoryW
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
GetLocalTime
SystemTimeToFileTime
ExpandEnvironmentStringsW
FindFirstFileW
GetTempPathW
GetTempFileNameW
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FormatMessageW
GetSystemDefaultUILanguage
GlobalMemoryStatus
CreateDirectoryW
GlobalFree
GetFileAttributesW
MulDiv
CreateEventA
SetUnhandledExceptionFilter
GetCommandLineW
GetModuleHandleW
WideCharToMultiByte
SetThreadLocale
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalFree
OpenEventW
SetEvent
ResetEvent
DeleteFileW
CompareStringW
VirtualAlloc
VirtualFree
GetTempFileNameA
GetWindowsDirectoryA
FileTimeToSystemTime
ExpandEnvironmentStringsA
SearchPathA
GetTempPathA
GetFileAttributesA
CopyFileA
CreateFileA
DeleteFileA
CompareFileTime
CompareStringA
GetLocaleInfoW
FormatMessageA
GetSystemTime
IsBadStringPtrA
IsBadStringPtrW
IsBadWritePtr
ResumeThread
TerminateThread
WaitForMultipleObjects
GetSystemDefaultLCID
lstrcpyW
SetLastError
FlushInstructionCache
lstrcmpiA
lstrcmpA
SetFilePointer
MoveFileExW
RtlUnwind
SetErrorMode
CreateFileMappingA
CreateMutexA
DuplicateHandle
CreateProcessW
ReleaseMutex
GlobalLock
GlobalUnlock
VirtualQuery
GetSystemInfo
GetVersion
VirtualProtect
FindClose
MoveFileW
LocalAlloc
IsDBCSLeadByteEx
GlobalAlloc
WriteFile
ReadFile
lstrcpynW
lstrcmpW
lstrlenW
lstrcmpiW
CreateFileW
GetLastError
GetFileSize
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
lstrlenA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
Sleep
CreateEventW
CreateThread
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
CloseHandle
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
gdi32
GetSystemPaletteEntries
BitBlt
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
SetDIBits
GetDIBits
EnumFontFamiliesExW
CreateFontIndirectW
DPtoLP
SetBkMode
GetTextExtentPoint32W
FillRgn
CreatePolygonRgn
GetTextMetricsW
Polygon
CreateBitmap
IntersectClipRect
GetClipBox
SetTextAlign
GetTextAlign
ExcludeClipRect
Rectangle
GetMapMode
SetMapMode
GetViewportExtEx
GetWindowExtEx
CreateRectRgnIndirect
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SaveDC
LPtoDP
CreateDCW
SelectClipRgn
CreateRectRgn
GetClipRgn
Ellipse
CreatePalette
GetPaletteEntries
GetStockObject
GetLayout
SetLayout
StretchBlt
GetDIBColorTable
SetTextColor
SetBkColor
CreateHalftonePalette
SelectPalette
RealizePalette
CreateSolidBrush
DeleteObject
GetDeviceCaps
CreateDIBSection
GetObjectW
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
user32
CreateWindowExW
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperA
GetClassInfoExA
RegisterClassExA
CreateWindowExA
LoadMenuW
GetDlgItemInt
SetDlgItemInt
CheckRadioButton
LoadIconW
CheckDlgButton
LoadBitmapW
CreateDialogParamW
GetWindowLongA
SetWindowLongA
IsDlgButtonChecked
CloseWindow
GetDlgCtrlID
DrawEdge
GetLastActivePopup
GetAsyncKeyState
GetScrollInfo
CreateAcceleratorTableW
CharNextW
GetWindowTextW
SetWindowTextW
SetDlgItemTextW
ScreenToClient
LoadStringA
ModifyMenuW
SetCursorPos
MessageBoxW
IsDialogMessageW
MessageBeep
SetWindowPos
SetRectEmpty
CreatePopupMenu
BeginDeferWindowPos
EndDeferWindowPos
LoadBitmapA
RegisterClassW
RegisterWindowMessageW
GetDoubleClickTime
SetMenuDefaultItem
MoveWindow
GetForegroundWindow
TrackPopupMenuEx
DestroyIcon
LoadImageA
TrackPopupMenu
GetSysColor
DrawTextW
GetSystemMetrics
SetParent
LoadIconA
LoadMenuA
SetMenu
SetWindowPlacement
UpdateWindow
AdjustWindowRect
LoadCursorA
SetCursor
RedrawWindow
DialogBoxParamW
GetDlgItemTextW
GetDlgItem
EndDialog
EnableWindow
SendMessageW
GetKeyState
GetFocus
GetNextDlgTabItem
CheckMenuItem
GetMenuItemID
GetMenuItemCount
EnableMenuItem
RemoveMenu
InsertMenuItemW
CheckMenuRadioItem
DeleteMenu
SetMenuItemInfoW
GetCursorPos
GetMenu
GetSubMenu
IsMenu
GetMenuItemInfoW
DestroyMenu
GetParent
FindWindowExW
GetWindowRect
DrawAnimatedRects
IsZoomed
IsWindow
ShowWindow
IsWindowVisible
GetWindowPlacement
SetPropA
GetPropA
CallWindowProcW
RemovePropA
SetForegroundWindow
InvalidateRect
GetSysColorBrush
FillRect
GetClientRect
GetDC
ReleaseDC
SetFocus
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
FindWindowW
CharPrevW
PostQuitMessage
GetClassInfoExW
RegisterClassExW
GetClassNameW
DestroyWindow
DefWindowProcW
LoadStringW
GetWindowLongW
SetWindowLongW
KillTimer
SetTimer
PostMessageW
PostThreadMessageW
IsWindowEnabled
EnumChildWindows
MessageBoxIndirectW
EndPaint
BeginPaint
SystemParametersInfoW
SendDlgItemMessageW
PeekMessageW
LoadCursorW
GetWindowDC
LoadImageW
DrawFocusRect
InflateRect
OffsetRect
DeferWindowPos
GetUpdateRect
GetWindow
PtInRect
GetWindowTextLengthW
GetDesktopWindow
UnhookWindowsHookEx
GetLastInputInfo
CallNextHookEx
SetWindowsHookExW
MapWindowPoints
ClientToScreen
SetRect
AdjustWindowRectEx
MsgWaitForMultipleObjects
GetMessageTime
IntersectRect
WindowFromDC
ValidateRect
UnionRect
SetWindowRgn
EqualRect
IsChild
wsprintfW
GetMenuState
FlashWindow
IsIconic
DrawMenuBar
GetDialogBaseUnits
IsClipboardFormatAvailable
ReleaseCapture
SetCapture
InvalidateRgn
DestroyAcceleratorTable
wsock32
WSAAsyncSelect
recv
getsockname
WSAGetLastError
WSAAsyncGetHostByName
connect
socket
WSACancelAsyncRequest
listen
closesocket
bind
select
sendto
ntohl
setsockopt
htonl
recvfrom
send
ioctlsocket
inet_addr
WSAStartup
ntohs
htons
gethostname
gethostbyname
WSACleanup
accept
ole32
StgOpenStorageOnILockBytes
IIDFromString
CoInitialize
CoUninitialize
StringFromCLSID
CoGetClassObject
OleLockRunning
OleFlushClipboard
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleCreateStaticFromData
OleRun
DoDragDrop
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
RegisterDragDrop
RevokeDragDrop
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
OleUninitialize
OleInitialize
GetHGlobalFromILockBytes
oleaut32
SysAllocStringLen
LoadRegTypeLi
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysStringLen
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
VariantCopy
VariantChangeType
VariantClear
SafeArrayGetElemsize
SafeArrayCreateVector
CreateStdDispatch
VarCmp
SafeArrayDestroy
OleCreateFontIndirect
LoadTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
SysStringByteLen
SysFreeString
comctl32
ord8
CreateToolbarEx
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17
PropertySheetW
CreateStatusWindowW
ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_EndDrag
ImageList_Draw
ImageList_Remove
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
shell32
ShellExecuteW
DragQueryFileW
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
Shell_NotifyIconA
SHAppBarMessage
DragFinish
DragAcceptFiles
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
winmm
waveInGetNumDevs
waveOutGetNumDevs
PlaySoundW
shlwapi
SHGetValueW
SHGetInverseCMAP
StrCmpNW
StrChrW
StrStrW
StrToIntExW
StrStrIW
StrCatBuffW
StrPBrkW
StrCmpNIW
StrTrimW
StrRChrW
wnsprintfA
StrChrA
StrStrA
StrStrIA
StrCmpNA
StrTrimA
StrCatBuffA
StrRChrA
ord176
wnsprintfW
StrCpyNW
StrCmpIW
gdiplus
GdipGetImagePalette
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
GdipCloneImage
GdiplusShutdown
msimg32
TransparentBlt
AlphaBlend
netapi32
NetApiBufferFree
NetGetJoinInformation
wininet
HttpQueryInfoW
InternetOpenA
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetSetOptionA
GetUrlCacheEntryInfoW
HttpSendRequestW
ResumeSuspendedDownload
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetSetStatusCallbackW
cryptdll
MD5Init
MD5Final
MD5Update
iphlpapi
GetAdaptersInfo
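A first pass over an import table this size is usually a capability tagger: groups of APIs that together imply a behaviour (allocate RWX memory and start a thread, open a socket and connect, hook the keyboard). The following is an added example, not tooling from the report: my own small rule set run over a hand-picked subset of the import names listed above (the subset is constructed for the example, not parsed from the binary).

```python
# Constructed subset of the import names listed above, grouped by DLL.
SAMPLE_IMPORTS = {
    "kernel32": ["VirtualAlloc", "VirtualProtect", "VirtualFree", "CreateThread",
                 "LoadLibraryA", "GetProcAddress", "CreateProcessW",
                 "CreateFileMappingW", "MapViewOfFile", "WriteFile", "ReadFile"],
    "wsock32": ["socket", "connect", "send", "recv", "bind", "listen", "accept"],
    "advapi32": ["CryptAcquireContextW", "CryptCreateHash", "CryptHashData",
                 "RegSetValueExW", "RegCreateKeyExW", "OpenProcessToken"],
    "wininet": ["InternetOpenW", "HttpOpenRequestW", "HttpSendRequestW",
                "InternetReadFile"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "GetAsyncKeyState"],
}

# Each rule: capability label -> imports that must all be present.  These are
# my hints for triage, not a vendor rule set; ordinary GUI programs import
# most of them too, so a match is a lead, not a verdict.
CAPABILITY_RULES = {
    "in_memory_code_exec": {"VirtualAlloc", "VirtualProtect", "CreateThread"},
    "tcp_client": {"socket", "connect", "send", "recv"},
    "tcp_listener": {"socket", "bind", "listen", "accept"},
    "http_client": {"InternetOpenW", "HttpOpenRequestW",
                    "HttpSendRequestW", "InternetReadFile"},
    "runtime_api_resolution": {"LoadLibraryA", "GetProcAddress"},
    "process_creation": {"CreateProcessW"},
    "cryptoapi_hash": {"CryptAcquireContextW", "CryptCreateHash", "CryptHashData"},
    "registry_write": {"RegCreateKeyExW", "RegSetValueExW"},
    "keyboard_hook": {"SetWindowsHookExW", "GetAsyncKeyState"},
}


def all_imports(imports: dict) -> set:
    return {fn for fns in imports.values() for fn in fns}


def match_capabilities(imports: dict, rules=CAPABILITY_RULES) -> list:
    """Sorted capability labels whose every required import is present."""
    present = all_imports(imports)
    return sorted(cap for cap, needed in rules.items() if needed <= present)


def missing_for(imports: dict, capability: str, rules=CAPABILITY_RULES) -> set:
    """Which imports a near-miss rule still lacks; useful when reviewing a rule."""
    return rules[capability] - all_imports(imports)


def imports_dll(imports: dict, dll: str) -> bool:
    return dll.lower() in {name.lower() for name in imports}


if __name__ == "__main__":
    for cap in match_capabilities(SAMPLE_IMPORTS):
        print(cap, "<-", sorted(CAPABILITY_RULES[cap]))
    print("imports ws2_32:", imports_dll(SAMPLE_IMPORTS, "ws2_32"))
```

The caveat matters for this sample in particular: the extracted config says the real behaviour is a Metasploit reverse shell, and Metasploit's Windows shellcode does not use the host program's import table at all. It loads ws2_32.dll itself and resolves WSAStartup, WSASocketA and connect by hashing export names at run time, which is why the table above lists wsock32 (the host application's socket library) and no ws2_32. Import-based tagging describes the program the payload was placed in; for the payload itself, the config extraction and the decoder-stub analysis are what carry the signal.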
Sections
.text  Size: 1.0MB - Virtual size: 1.0MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data  Size: 10KB - Virtual size: 20KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 560KB - Virtual size: 560KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ