metasploit | 292251b4edb4e110c959a67fe4693764_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

292251b4edb4e110c959a67fe4693764_JaffaCakes118
Size

144KB
MD5

292251b4edb4e110c959a67fe4693764
SHA1

fed45d94494aaef59be1e58b2a053741ebd7cc35
SHA256

a416aac7c815a4659d0c39f8bf6e7e09ad7af63ae19d74fe38334ab65a2f8c9e
SHA512

61e56b8cb94859188d507e2c489a4a7647d987c6aca7907471be51704c2c2a6279917a3fa5171b7b4bbf59a6ec12a84094d3c1e5ba308192b0eb09161510fb6e
SSDEEP

3072:txk2dFTX6/eYeXXSK7Pae27XADoF/umGm4Uzy5bo3O2+9w:B9r7XXSKeeYXnWe4Uzy5bo

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
292251b4edb4e110c959a67fe4693764_JaffaCakes118

Files

292251b4edb4e110c959a67fe4693764_JaffaCakes118
.exe windows:5 windows x86 arch:x86

afe26738d5224973969b2178596c416e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

regedi(.pdb

Imports

msvcrt

__p__commode
_initterm
__getmainargs
__p__fmode
__set_app_type
__setusermatherr
_adjust_fdiv
_controlfp
_acmdln
exit
_cexit
_exit
_c_exit
iswprint
swprintf
wcslen
wcscpy
_purecall
iswctype
_except_handler3
_resetstkoflw
_vsnwprintf
memmove
wcscmp
wcsrchr
wcschr
wcsncmp
_XcptFilter

advapi32

RegQueryValueExA
InitializeAcl
SetSecurityDescriptorDacl
RegOpenKeyExA
InitializeSecurityDescriptor
RegDeleteValueW
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetInheritanceSourceW
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
MapGenericMask
RegSetValueExA
RegSetValueW
RegFlushKey
RegSaveKeyW
RegRestoreKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegEnumValueW
RegOpenKeyW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegUnLoadKeyW
RegLoadKeyW
RegQueryInfoKeyW
RegDeleteKeyW

kernel32

DeleteFileW
WriteFile
WideCharToMultiByte
CreateFileW
OutputDebugStringW
GetLastError
SetFilePointer
GetFileSize
SearchPathW
GetTimeFormatW
GetDateFormatW
GetSystemDefaultLCID
FileTimeToSystemTime
FileTimeToLocalFileTime
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
MulDiv
lstrcpynW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
ReadFile
MultiByteToWideChar
lstrcmpW
FormatMessageW
GetThreadLocale
GetModuleHandleW
ExitProcess
GetCommandLineW
GetProcessHeap
lstrcpyW
LocalAlloc
GetCurrentProcess
CloseHandle
lstrcmpiW
LocalFree
GetComputerNameW
lstrlenW
LocalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
LoadLibraryA

gdi32

GetStockObject
SetAbortProc
StartDocW
StartPage
SetViewportOrgEx
EndPage
EndDoc
AbortDoc
DeleteDC
CreateBitmap
CreatePatternBrush
PatBlt
ExcludeClipRect
SelectClipRgn
DeleteObject
SetBkColor
SetTextColor
ExtTextOutW
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextMetricsW

user32

SetWindowLongW
DefWindowProcW
ReleaseDC
GetDC
SetScrollInfo
DestroyCaret
ReleaseCapture
KillTimer
SetCaretPos
ScrollWindowEx
InvalidateRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
WinHelpW
EndDialog
GetWindowLongW
ShowCaret
CreateCaret
CharLowerW
MessageBeep
DestroyMenu
TrackPopupMenuEx
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
SetFocus
SetDlgItemTextW
EndPaint
BeginPaint
SetTimer
SetCapture
GetKeyState
RegisterClassW
LoadCursorW
RegisterClipboardFormatW
CheckRadioButton
SendMessageW
GetWindowTextW
GetParent
GetDlgItemTextW
IsDlgButtonChecked
GetDlgCtrlID
CallWindowProcW
GetWindowTextLengthW
GetDlgItemInt
PostQuitMessage
GetWindowPlacement
SetWindowTextW
EnableWindow
DialogBoxParamW
DrawMenuBar
SendDlgItemMessageW
DeleteMenu
SetMenuItemInfoW
GetMenu
GetMenuItemInfoW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsIconic
DestroyIcon
LoadImageW
GetSysColor
SetCursor
ShowCursor
ShowWindow
SetWindowPlacement
CreateWindowExW
GetMessageW
ScreenToClient
SetCursorPos
DispatchMessageW
ClientToScreen
GetProcessDefaultLayout
GetDesktopWindow
LoadIconW
PostMessageW
SetMenuDefaultItem
InsertMenuW
GetMenuItemID
CheckMenuItem
UpdateWindow
RegisterClassExW
CharNextW
GetClientRect
DestroyWindow
CreateDialogParamW
CheckDlgButton
DrawAnimatedRects
IntersectRect
ModifyMenuW
GetMessagePos
TranslateMessage
TranslateAcceleratorW
LoadAcceleratorsW
SetForegroundWindow
GetLastActivePopup
BringWindowToTop
FindWindowW
LoadStringW
GetWindow
IsDialogMessageW
PeekMessageW
MessageBoxW
CharUpperBuffW
CharUpperW
IsCharAlphaNumericW
wsprintfW
GetDlgItem
GetWindowRect
GetSystemMetrics
MoveWindow
MapWindowPoints
InsertMenuItemW
SetWindowPos
HideCaret

comctl32

ord236
ord340
InitCommonControlsEx
ord365
ord334
ImageList_SetBkColor
ImageList_Destroy
ord2
ord4
ImageList_ReplaceIcon
ord338
ord337
ord329
ord359
CreateStatusWindowW
ord358
ImageList_Create
ord363

comdlg32

GetOpenFileNameW
GetSaveFileNameW
PrintDlgExW

shell32

DragFinish
DragQueryFileW
ShellAboutW

authz

AuthzInitializeContextFromSid
AuthzAccessCheck
AuthzFreeContext
AuthzFreeResourceManager
AuthzInitializeResourceManager

aclui

ord2

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
ReleaseStgMedium

ulib

??0ARRAY@@QAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Resize@DSTRING@@UAEEK@Z
?NewBuf@DSTRING@@UAEEK@Z
??1OBJECT@@UAE@XZ
??1DSTRING@@UAE@XZ
??0OBJECT@@IAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
??0DSTRING@@QAE@XZ

clb

ClbAddData
ClbSetColumnWidths

ntdll

RtlFreeHeap
RtlAllocateHeap

shlwapi

PathAppendW

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

afe26738d5224973969b2178596c416e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

comctl32

comdlg32

shell32

authz

aclui

ole32

ulib

clb

ntdll

shlwapi

Sections

.text Size: 95KB - Virtual size: 95KB

.data Size: 1024B - Virtual size: 260KB

.rsrc Size: 46KB - Virtual size: 46KB

.text
Size: 95KB - Virtual size: 95KB

.data
Size: 1024B - Virtual size: 260KB

.rsrc
Size: 46KB - Virtual size: 46KB