metasploit | f986dea43bd5f08898bcb9699f63db71_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f986dea43bd5f08898bcb9699f63db71_JaffaCakes118
Size

76KB
MD5

f986dea43bd5f08898bcb9699f63db71
SHA1

5be27a4a96ae9e78997ea8f5fc69d0057cea4ca3
SHA256

3936619bdb4f6bac62408f34bdd5a6c89a4ec5c511ac91ecfb561e1f6f6c73cf
SHA512

c2b1594cf911422e6bf35a716dd82c0d856bc6dc73419403d6a95d4f92e25616e2bcf491385f14467118d33e4ee8401c4aa73b237f2e313216227587f4886982
SSDEEP

768:qtSC8fvpwgdY739eUFhoDVYfExEfDAbeHfEIsyMa5SbOrG461nBOo4dd:q8C8fxjI3nMmArMMrOrJogoyd

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/exec

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f986dea43bd5f08898bcb9699f63db71_JaffaCakes118

Files

f986dea43bd5f08898bcb9699f63db71_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af687ace205f97e20b3178cd37902be1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
WritePrivateProfileStringA
CloseHandle
GetLastError
CreateFileA
CompareFileTime
SystemTimeToFileTime
GetFileSize
ReadFile
GetPrivateProfileIntA
GetComputerNameA
GetSystemTime
GetCurrentDirectoryA
GetTempPathA
GetWindowsDirectoryA
GetProcessHeap
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
WriteFile
GetProcAddress
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
HeapFree
FindFirstFileA
FindNextFileA
FindClose
GetTickCount
LoadLibraryA
HeapAlloc
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA

user32

SendDlgItemMessageA
PeekMessageA
UpdateWindow
CreateDialogParamA
SetClassLongA
SetWindowTextA
GetMessageA
DispatchMessageA
IsDialogMessageA
TranslateMessage
GetWindowRect
TrackPopupMenu
DestroyMenu
EnableMenuItem
PostQuitMessage
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
SetFocus
LoadCursorA
EnableWindow
ShowWindow
SetCursor
MessageBeep
GetDlgItem
SendMessageA
GetDlgItemTextA
MessageBoxA
SetDlgItemTextA
LoadIconA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
GetUserNameA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Stub
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

af687ace205f97e20b3178cd37902be1

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 2KB

.Stub Size: 4KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 2KB

.Stub
Size: 4KB - Virtual size: 4KB