metasploit | 029f3e6bbf51c98bcf6daa37fd193313_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

029f3e6bbf51c98bcf6daa37fd193313_JaffaCakes118
Size

292KB
MD5

029f3e6bbf51c98bcf6daa37fd193313
SHA1

3f7c740d0321bcae4a0cc1e8dd49864da4327ce8
SHA256

e0aadb74992611744a3abc0e59f463996fe14d3e4d05a2eb0c21944f8ba7fdcf
SHA512

e506725ac18a75997ba940e66b6faf3f046f1cf3fcd152b9d62874d878e978e5572e569bb094e89bfc67841e92b30e8d68b15fe79e4114893891dfbda7e8704c
SSDEEP

6144:IQn1bEx/kKA57Y8jPSsBXFMPaw97QzfAVaFwIt0:IuKA57nPVvMPv3

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
029f3e6bbf51c98bcf6daa37fd193313_JaffaCakes118

Files

029f3e6bbf51c98bcf6daa37fd193313_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5bd5597fec69af0eac5f9909a114ae58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mgmtapi

SnmpMgrStrToOid
SnmpMgrRequest
SnmpMgrOpen
SnmpMgrClose

snmpapi

SnmpUtilMemFree
SnmpUtilVarBindListFree
SnmpUtilVarBindFree
SnmpUtilOidFree
SnmpUtilOidCpy
SnmpUtilOidToA
SnmpUtilMemAlloc

kernel32

GetCurrentDirectoryA
SystemTimeToFileTime
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetSystemTime
GetLocalTime
RaiseException
GetStartupInfoA
GetCommandLineA
GetFileSize
LocalFileTimeToFileTime
HeapFree
CreateThread
ExitThread
TerminateProcess
HeapReAlloc
HeapSize
GetACP
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SizeofResource
GetPrivateProfileStringA
WritePrivateProfileStringA
HeapAlloc
ExitProcess
GetPrivateProfileIntA
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcpynA
GetVersion
InterlockedIncrement
InterlockedDecrement
GetProcessVersion
GetOEMCP
GetCPInfo
LocalReAlloc
GlobalFlags
TlsGetValue
TlsFree
TlsSetValue
GlobalReAlloc
LocalAlloc
GlobalHandle
TlsAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
InitializeCriticalSection
GetStringTypeExA
GetShortPathNameA
GetThreadLocale
FindClose
GetVolumeInformationA
FindFirstFileA
SetEndOfFile
DeleteFileA
MoveFileA
FlushFileBuffers
UnlockFile
LockFile
ReadFile
SetFilePointer
WriteFile
DuplicateHandle
CreateFileA
GetCurrentProcess
GetFileTime
GetLastError
GetDiskFreeSpaceA
GetTempFileNameA
SetFileTime
GetFullPathNameA
FreeEnvironmentStringsA
GlobalAlloc
GetFileAttributesA
GetProfileStringA
GetModuleFileNameA
GlobalFree
lstrcmpA
GetCurrentThread
FreeEnvironmentStringsW
CreateEventA
MulDiv
WideCharToMultiByte
SetLastError
ResumeThread
SuspendThread
SetThreadPriority
GetEnvironmentStrings
CloseHandle
lstrlenA
SetEvent
WaitForSingleObject
FindResourceA
LoadLibraryA
FreeLibrary
GetCurrentThreadId
LoadResource
LockResource
GlobalDeleteAtom
lstrcmpiA
GlobalFindAtomA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalUnlock
lstrcpyA
GlobalLock
MultiByteToWideChar
GlobalGetAtomNameA
GlobalAddAtomA
GetEnvironmentStringsW
SetHandleCount
GetStdHandle

user32

EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
AdjustWindowRectEx
DispatchMessageA
GetSysColor
MapWindowPoints
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
IsZoomed
ValidateRect
TranslateMessage
GetMessageA
ClientToScreen
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
EndDialog
wvsprintfA
ShowOwnedPopups
CharUpperA
WindowFromPoint
SetRect
LoadStringA
GetClassNameA
LoadCursorA
GetSysColorBrush
InsertMenuA
DeleteMenu
GetMenuStringA
GetDCEx
LockWindowUpdate
SetCapture
SetParent
IsChild
RegisterClassA
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetWindowDC
GetTopWindow
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetLastActivePopup
IsIconic
GetFocus
EqualRect
CopyRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
GetMenuItemCount
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
GetMenu
LoadIconA
GetClassInfoA
DestroyMenu
SetFocus
GetActiveWindow
ShowWindow
GetWindowLongA
IsWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
SetCursor
PeekMessageA
GetCapture
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
GetKeyState
GetParent
InvalidateRect
SetTimer
KillTimer
OffsetRect
IsWindowVisible
GetWindowRect
UpdateWindow
EnableWindow
SendMessageA
InflateRect
GetDC
CreateIconIndirect
ReleaseDC
PostQuitMessage
GetCursorPos
SetForegroundWindow
PostMessageA
LoadImageA
DestroyIcon
ScreenToClient
GetClientRect
PtInRect
LoadMenuA
GetSubMenu
DestroyWindow
MessageBoxA
CreateWindowExA
SetWindowPos
wsprintfA
SetMenu
WinHelpA
BringWindowToTop
HideCaret
ShowCaret
DefDlgProcA
UnregisterClassA
IsWindowUnicode
DrawFocusRect
ExcludeUpdateRgn
CharNextA

gdi32

GetTextExtentPointA
ExtCreatePen
CreatePen
CreateCompatibleDC
Rectangle
GetBkMode
GetTextExtentPoint32A
GetClipBox
SetTextColor
GetObjectA
CreateBitmap
SetBkColor
GetTextMetricsA
DeleteDC
SelectObject
SaveDC
RestoreDC
SetBkMode
GetStockObject
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
CreateCompatibleBitmap
ScaleWindowExtEx
SelectClipRgn
SetWindowExtEx
IntersectClipRect
CreateDIBitmap
LineTo
SetTextAlign
MoveToEx
DeleteObject
CreateRectRgn
GetDeviceCaps
CreateSolidBrush
PtVisible
CreatePatternBrush
TextOutA
ExtTextOutA
RectVisible
PatBlt
Escape
CombineRgn
CreateRectRgnIndirect
SetRectRgn
DPtoLP
CreateFontIndirectA
BitBlt
ScaleViewportExtEx
ExcludeClipRect

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteKeyA
RegOpenKeyA
SetFileSecurityA
RegQueryValueExA
RegCreateKeyExA
RegEnumKeyA
RegCloseKey
RegQueryValueA
GetFileSecurityA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegSetValueA

shell32

ExtractIconA
DragAcceptFiles
DragQueryFileA
SHGetFileInfoA
DragFinish
Shell_NotifyIconA

comctl32

ord17

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

LIGg
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

5bd5597fec69af0eac5f9909a114ae58

Headers

File Characteristics

Imports

mgmtapi

snmpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 28KB - Virtual size: 25KB

LIGg Size: 4KB - Virtual size:

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 28KB - Virtual size: 25KB

LIGg
Size: 4KB - Virtual size: