metasploit | fc464abc21dcb63ff78e085919c38bdb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc464abc21dcb63ff78e085919c38bdb_JaffaCakes118
Size

147KB
MD5

fc464abc21dcb63ff78e085919c38bdb
SHA1

95ff65597fee0be735f8ad32dca90dfdb77f41c5
SHA256

92e7815a7107eec92820c50ad6dda2c2189c746fd9fffbcb368832a968e72a7f
SHA512

8ea951c400340514e7429c436fb75eadf43a576c8985e366f9ea7e438b1371e5abcd559578ac247eccaf43c79894db3f06d779e0116c86a9376ef70cb1565183
SSDEEP

3072:bC94uXFSYJf5iEq3fSjapSvmKfb6rz5bZVcGu5kty:u91XT0LP3SvNb6rzLVLxty

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc464abc21dcb63ff78e085919c38bdb_JaffaCakes118

Files

fc464abc21dcb63ff78e085919c38bdb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

31d669036f28b2999312313d570cf1f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetTempPathA
Sleep
GetLastError
CreateThread
lstrcmpiA
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
ExitThread
CreateFileA
ExpandEnvironmentStringsA
ReleaseMutex
DeleteFileA
SetFileAttributesA
CreateMutexA
GetLocaleInfoA
LoadLibraryA
GetProcAddress
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
TerminateProcess
OpenProcess
TerminateThread
GetFileAttributesA
SetFileTime
GetFileTime
GetWindowsDirectoryA
CopyFileA
SetProcessPriorityBoost
SetThreadPriority
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventA
ReadFile
lstrlenA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleHandleA
GetModuleFileNameA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
TransactNamedPipe
ExitProcess
HeapFree
HeapAlloc
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetStdHandle
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
VirtualQuery
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType

advapi32

GetUserNameA

shell32

ShellExecuteExA
SHChangeNotify

wsock32

sendto
select
recvfrom
WSAStartup
recv
gethostname
gethostbyname
connect
shutdown
closesocket
htons
setsockopt
bind
listen
gethostbyaddr
inet_addr
inet_ntoa
ioctlsocket
socket

mpr

WNetAddConnection2A

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

31d669036f28b2999312313d570cf1f9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

wsock32

mpr

iphlpapi

Sections

.text Size: 111KB - Virtual size: 110KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 15KB - Virtual size: 364KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 15KB - Virtual size: 364KB

.rsrc
Size: 512B - Virtual size: 436B