metasploit | 2f6d5877f6c29f5aa930074bf9d8654b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f6d5877f6c29f5aa930074bf9d8654b_JaffaCakes118
Size

644KB
MD5

2f6d5877f6c29f5aa930074bf9d8654b
SHA1

cd72a036606f23435a12351ea42d218d26e0c8ca
SHA256

a97cf242d0e72d6059dd5d57fd7185e2275e43ff0b1e7a5cea8b0848b7df7798
SHA512

0368bd70337c451d9c28a7d1c4011280f85a106a6e3ac305d109279e7930acf2904a8f65ac0a40d1a3aba04a15d38f88e4298841202ada1c72fc1773e8db9162
SSDEEP

12288:nsnYq8EsMJz+vELTGQLcXw+vVK+cvq4oD2/Zb6pHD2:sn/fgs9LcXw+vVK+cvqjDiZb6p

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

127.0.0.1:8080

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f6d5877f6c29f5aa930074bf9d8654b_JaffaCakes118

Files

2f6d5877f6c29f5aa930074bf9d8654b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24791eecf01d8cb909d6a5d99b5116e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord15
ord14
ord17
ord13

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionFontA
ImmGetCompositionStringW
ImmSetCompositionWindow

winmm

PlaySoundA

kernel32

CreateDirectoryA
SetCurrentDirectoryA
ExpandEnvironmentStringsA
GetFileSize
GetCurrentDirectoryA
DeleteFileA
GetLocalTime
GetACP
CompareStringA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
SetFilePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
HeapSize
CreatePipe
HeapDestroy
VirtualAlloc
VirtualFree
LCMapStringW
LCMapStringA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetStartupInfoA
GetProcessHeap
GetCommandLineA
ExitProcess
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
IsDebuggerPresent
TerminateProcess
SetCommBreak
UnhandledExceptionFilter
HeapFree
HeapReAlloc
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
GetDateFormatA
GetTimeFormatA
SetHandleInformation
GetCurrentThreadId
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentThread
GetThreadTimes
GetCurrentProcess
GetProcessTimes
GetSystemTime
GetSystemTimeAdjustment
CreateThread
WriteFile
CreateEventA
ReadFile
WaitForSingleObject
GetOverlappedResult
SetEvent
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Sleep
SetEndOfFile
Beep
SetLastError
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsDBCSLeadByteEx
GetLocaleInfoA
GetOEMCP
GetCPInfo
GetModuleHandleA
MulDiv
GetTickCount
LoadLibraryA
GetVersionExA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
CompareStringW
SetEnvironmentVariableA
CreateFileA
GetCommState
SetCommState
SetCommTimeouts
SetUnhandledExceptionFilter
ClearCommBreak
HeapCreate

user32

FindWindowA
GetClipboardOwner
GetQueueStatus
WinHelpA
GetDoubleClickTime
CreateMenu
SetMenuInfo
GetForegroundWindow
UpdateWindow
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
GetCursorPos
ScreenToClient
TranslateMessage
EnableMenuItem
SetForegroundWindow
TrackPopupMenu
FlashWindow
SetKeyboardState
ToAsciiEx
DestroyIcon
SetScrollInfo
GetMessageTime
GetMenuState
SetMenuItemInfoA
PostMessageA
GetSystemMenu
GetLastActivePopup
IsZoomed
GetClipboardData
RegisterClipboardFormatA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCaretPos
DefWindowProcA
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
ShowWindow
CreateWindowExA
GetWindowRect
SystemParametersInfoA
GetSysColor
KillTimer
SetTimer
GetKeyboardState
SetClassLongA
SetCursor
ShowCursor
CreatePopupMenu
InsertMenuA
DeleteMenu
AppendMenuA
GetActiveWindow
MessageBoxIndirectA
CheckMenuItem
IsIconic
GetCapture
ReleaseCapture
GetDesktopWindow
MoveWindow
DefDlgProcA
GetSystemMetrics
LoadImageA
LoadCursorA
RegisterClassExA
CreateDialogParamA
GetMessageA
GetWindowLongA
IsDialogMessageA
DispatchMessageA
PostQuitMessage
EnableWindow
DialogBoxParamA
EndDialog
GetParent
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
RegisterWindowMessageA
DrawEdge
SetCapture
SetFocus
GetDlgItem
GetDlgItemTextA
SetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetWindowLongA
MessageBeep
SendDlgItemMessageA
GetDC
ReleaseDC
SendMessageA
MapDialogRect
MessageBoxA
GetAsyncKeyState
GetCaretBlinkTime
DestroyWindow
RegisterClassA
GetKeyboardLayout

gdi32

GetTextExtentExPointA
SetMapMode
GetDeviceCaps
RealizePalette
SelectPalette
CreatePalette
ExtTextOutA
GetCharacterPlacementW
ExtTextOutW
GetPixel
SetBkMode
SetTextAlign
CreateCompatibleBitmap
CreateFontIndirectA
GetObjectA
GetTextMetricsA
CreateFontA
LineTo
MoveToEx
CreatePen
SetPixel
Polyline
GetCharWidthW
GetCharWidth32W
GetCharWidthA
GetCharWidth32A
SetPaletteEntries
UnrealizeObject
UpdateColors
ExcludeClipRect
IntersectClipRect
CreateBitmap
SelectObject
GetStockObject
CreateSolidBrush
Rectangle
SetTextColor
SetBkColor
TextOutA
DeleteObject
CreateCompatibleDC
DeleteDC
TranslateCharsetInfo
GetTextExtentPoint32A

winspool.drv

EnumPrintersA
ClosePrinter
EndPagePrinter
WritePrinter
OpenPrinterA
StartDocPrinterA
StartPagePrinter
EndDocPrinter

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA

shell32

Shell_NotifyIconA
ShellExecuteA
ExtractIconExA

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

24791eecf01d8cb909d6a5d99b5116e1

Headers

File Characteristics

Imports

comctl32

imm32

winmm

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

Sections

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 8KB - Virtual size: 36KB

.rsrc Size: 124KB - Virtual size: 120KB

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 8KB - Virtual size: 36KB

.rsrc
Size: 124KB - Virtual size: 120KB