metasploit | 02000b5558923c8ddb3fdd5c3436d1ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02000b5558923c8ddb3fdd5c3436d1ae_JaffaCakes118
Size

1.0MB
MD5

02000b5558923c8ddb3fdd5c3436d1ae
SHA1

2e2cc9dcc3269c856ff689ecec048bca77bd38db
SHA256

e2a06bbb4883de4a5461ef87ddda2470c58755fbb8c3ac621b0a7e7f129a05df
SHA512

c6dd9e26ac88f296e695d38b991d4a9c4f7a13881ffd7973a4739506cd97acea087a0e9e9cec52d9ea66cf5b88cc3cbbf197e264ca7be517d550f8ee36ac8598
SSDEEP

24576:WUgceb5PJ/t7o/10QlRwc27Rypi48IGbhNmr3I2RIZOHv:WNnj/h017Wc21y04DGFNmr3IsIZE

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.0.100:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02000b5558923c8ddb3fdd5c3436d1ae_JaffaCakes118

Files

02000b5558923c8ddb3fdd5c3436d1ae_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fe29ac61823c9ee660c3217c8fd85d92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_adjust_fdiv
strstr
_strlwr
strrchr
_stricmp
_strnicmp
_wcsicmp
towlower
strchr
tolower
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strncpy
_snprintf
sprintf
free
malloc
_vsnprintf

advapi32

InitializeAcl
InitializeSecurityDescriptor
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GetExitCodeProcess
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
GetCurrentDirectoryA
CreateThread
GetDiskFreeSpaceA
GetSystemTime
SystemTimeToFileTime
SetFileAttributesA
CopyFileA
CreateProcessA
FindNextFileA
FindClose
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FindFirstFileA
GetFileSize
GetFileAttributesA
SetEvent
GetCommandLineA
QueryDosDeviceA
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
GetCurrentProcess
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
MoveFileA
ExpandEnvironmentStringsA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetModuleFileNameA

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.8MB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

fe29ac61823c9ee660c3217c8fd85d92

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntdll

comctl32

shell32

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 69KB

.rsrc Size: 11.8MB - Virtual size: 9KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 69KB

.rsrc
Size: 11.8MB - Virtual size: 9KB