metasploit | 044ae065473322cd9edbbb0c90905183_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

044ae065473322cd9edbbb0c90905183_JaffaCakes118
Size

334KB
MD5

044ae065473322cd9edbbb0c90905183
SHA1

3026b26ea13ade516d73950c9106dd05ea427491
SHA256

c17334646a9682750b6baff90829fa0cb6f77f52d675341ff345e6d74399aaa6
SHA512

61c2b8437ab57f4cbddcca34f4f843198c25a029ee74bc9e22b2c4a4b7a5b1cce3cb67d6e2a2cfbd7004d46612c0c6d7637a1949c1a233e84ebf9abf71d3ae50
SSDEEP

6144:euzLZtq2hsXlW2z6rwE0i8leOUh5UGdLu6cdf4A+XhcA72mTmjf+c9eF6/R3rkyC:eOtq2hsXlTQV8leOUhSGdLRcdfWXhijy

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
044ae065473322cd9edbbb0c90905183_JaffaCakes118

Files

044ae065473322cd9edbbb0c90905183_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f6eb2fd5a19642c431fbd62a0b8ca6c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EmptyClipboard
OpenClipboard
VkKeyScanA
SetClipboardData
SetFocus
SetForegroundWindow
keybd_event
BlockInput
wsprintfA
ShowWindow
CloseClipboard

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

ws2_32

send
closesocket
connect
gethostbyname
socket
recv
htons
shutdown
accept
gethostname
inet_ntoa
inet_addr
__WSAFDIsSet
select
listen
bind
ioctlsocket
setsockopt
WSAStartup
WSACleanup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetDateFormatA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapCreate
HeapDestroy
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapFree
HeapReAlloc
OutputDebugStringA
GetStdHandle
DebugBreak
Sleep
MultiByteToWideChar
ReadFile
CloseHandle
WriteFile
TransactNamedPipe
CreateFileA
WaitForSingleObject
GetLastError
CreateEventA
CopyFileA
WideCharToMultiByte
GetTickCount
DeleteFileA
CreateProcessA
OpenProcess
GetCurrentProcessId
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
ExitProcess
CreateMutexA
MoveFileA
GetTempPathA
CreateThread
ExitThread
SetFilePointer
GetFileSize
GetLocalTime
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
GetCurrentProcess
CreatePipe
GetComputerNameA
GetTimeFormatA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
TerminateProcess
GetLogicalDrives
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeCriticalSection
ReadProcessMemory
CreateDirectoryA
GetWindowsDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
LoadLibraryA
GlobalAlloc
InterlockedDecrement
lstrcpynA
lstrcmpA
lstrcpyA
lstrlenA
GetLocaleInfoA
GetVersionExA
GlobalMemoryStatus
TerminateThread
GetSystemTime
IsBadWritePtr
IsBadReadPtr
HeapValidate
RtlUnwind
GetTimeZoneInformation
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
FatalAppExitA
HeapAlloc

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f6eb2fd5a19642c431fbd62a0b8ca6c5

Headers

File Characteristics

Imports

user32

ole32

oleaut32

ws2_32

version

kernel32

Sections

.text Size: 233KB - Virtual size: 232KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 63KB - Virtual size: 395KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 233KB - Virtual size: 232KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 63KB - Virtual size: 395KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 16KB - Virtual size: 16KB