metasploit | ef9422a53c8ea19aafde57c92ee36be9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ef9422a53c8ea19aafde57c92ee36be9_JaffaCakes118
Size

190KB
MD5

ef9422a53c8ea19aafde57c92ee36be9
SHA1

a4861c1577125b968221630cf774279c2dda78ee
SHA256

8b00b067ac3272c8590e326e62e36ebdd305c4f04300095df8bde1c587e02e21
SHA512

913c3bf79037518a8986c558227e565d639a0c2f14d771d3b1a2208f687b31f1599f2cf197afd07ad6d2ecebbae6546c3e564f9d9ef0a4dbed68d6ce89c48cfa
SSDEEP

3072:JRU2yF8YW8ZjTTbqiaRXa3jnHYMbhNrsEVChSO0p+Q+v:JRU23Y9jT3qJYjnH1jseChSO0p4

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.1.101:443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef9422a53c8ea19aafde57c92ee36be9_JaffaCakes118

Files

ef9422a53c8ea19aafde57c92ee36be9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6215f80ff8862b45fe2f1b27c976ccd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atol
strrchr
isdigit
strncpy
isprint
isalnum
atoi
memchr
strchr
isspace
memset
memcpy

comctl32

ord8
CreateToolbarEx
ord17
PropertySheetA

kernel32

GlobalUnlock
SetCurrentDirectoryA
GetStartupInfoA
FindFirstFileA
GetLastError
SetFilePointer
lstrcmpiA
GetProcAddress
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
GetCurrentDirectoryA
CloseHandle
LocalFree
CreateThread
lstrcpyA
lstrcmpA
GetFileSize
CreateFileA
GetFullPathNameA
ExitProcess
lstrcatA
ReadFile
CreateProcessA
MulDiv
GetFileAttributesA
WideCharToMultiByte
GlobalAlloc
GetCommandLineA
WriteFile
GetDateFormatA
FormatMessageA
GetTimeFormatA
GlobalLock
FreeLibrary
SetEndOfFile
lstrcpynA
GetLocaleInfoA
WritePrivateProfileStringA
lstrlenA
SetLastError

user32

CharLowerBuffA
RedrawWindow
DefWindowProcA
EndDialog
GetSysColor
SetClassLongA
TranslateAcceleratorA
EmptyClipboard
EnableMenuItem
ReleaseDC
PeekMessageA
CreateWindowExA
GetClipboardData
GetWindowLongA
CharLowerA
CharUpperBuffA
InvalidateRect
MessageBoxA
GetScrollInfo
SetWindowLongA
CheckMenuRadioItem
TrackPopupMenuEx
GetWindowTextA
GetWindowPlacement
GetMenu
GetKeyboardState
TranslateMessage
IsDialogMessageA
GetDC
RegisterWindowMessageA
SendMessageA
GetWindowTextLengthA
SetFocus
CreateMenu
GetClientRect
IsCharLowerA
wsprintfA
MessageBeep
LoadIconA
LoadMenuA
GetParent
IsClipboardFormatAvailable
DeleteMenu
LoadStringA
GetSubMenu
SetKeyboardState
IsCharAlphaA
SendDlgItemMessageA
PostQuitMessage
InsertMenuItemA
CreateDialogParamA
GetWindowRect
CloseClipboard
CharToOemBuffA
GetMessageA
SetCursor
DestroyWindow
IsCharUpperA
SetWindowPos
GetMenuItemInfoA
LoadAcceleratorsA
ShowWindow
SetMenu
GetSysColorBrush
DrawMenuBar
EnableScrollBar
GetMenuItemCount
IsWindow
PostMessageA
DispatchMessageA
OpenClipboard
SystemParametersInfoA
SetWindowTextA
EnableWindow
SetClipboardData
CallWindowProcA
DestroyMenu
SetMenuItemInfoA
LoadCursorA
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA
GetDialogBaseUnits
OemToCharBuffA
RegisterClassA
GetCursorPos
GetDlgItem

gdi32

EndDoc
StartDocA
GetCharWidthA
SetMapMode
SelectObject
DeleteObject
SetAbortProc
GetTextFaceA
SetBkColor
CreateFontIndirectA
GetDeviceCaps
DeleteDC
StartPage
EndPage
GetStockObject
AbortDoc
CreateSolidBrush
GetTextMetricsA

comdlg32

PageSetupDlgA
ReplaceTextA
CommDlgExtendedError
FindTextA
ChooseFontA
PrintDlgA
GetSaveFileNameA
ChooseColorA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
IsTextUnicode

shell32

DragQueryFileA
ShellExecuteA
DragFinish

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

6215f80ff8862b45fe2f1b27c976ccd5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 17KB

.rsrc Size: 126KB - Virtual size: 125KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 17KB

.rsrc
Size: 126KB - Virtual size: 125KB

.reloc
Size: 7KB - Virtual size: 6KB