Behavioral task: behavioral1
Sample: 3c3bffc08303590e572c4949a2fe3217_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 3c3bffc08303590e572c4949a2fe3217_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
- Target: 3c3bffc08303590e572c4949a2fe3217_JaffaCakes118
- Size: 72KB
- MD5: 3c3bffc08303590e572c4949a2fe3217
- SHA1: 627a2f11f81ecdf323f9c6d03daf5ffe99279a05
- SHA256: 0ede22c930a23d0ca66e38413eeeebadf203ec3af70bfaf230c2f1213198c340
- SHA512: 4d80783d4606698ebe740552bc77b411a0f63b583bccc5a5b25f283447d47da75329a6bd397d901b2ed748c63838a33f4f534482775f226ca34cad590f870631
- SSDEEP: 768:MslytCZqUxSu4VTlW+kyIDfFlmI3kT6W5L+zAP6WKqepRzpKxR6KChHRXv:MPtE4JZkyWu6iLtSh7zpGMTv
Malware Config
Extracted
- Family: metasploit
- Encoder: encoder/fnstenv_mov
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 3c3bffc08303590e572c4949a2fe3217_JaffaCakes118
Files
- 3c3bffc08303590e572c4949a2fe3217_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  476caeafd2a88b9fd5d3f54cc45e458c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
ReadFile
HeapAlloc
GetProcessHeap
lstrcatA
GetSystemDirectoryA
DeleteFileA
GetLastError
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcess
TerminateProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
SetEvent
ResetEvent
GetModuleFileNameA
CreateThread
CreateEventA
OutputDebugStringW
OpenEventA
GetCommandLineA
MultiByteToWideChar
lstrcpyW
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
ResumeThread
SetThreadContext
VirtualProtectEx
VirtualAlloc
TransactNamedPipe
UpdateResourceA
SizeofResource
LockResource
LoadResource
FindResourceA
EndUpdateResourceA
EnumResourceNamesA
BeginUpdateResourceA
GetTempPathA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetStartupInfoA
ExitProcess
GetStdHandle
lstrcmpA
lstrcpyA
SetFilePointer
WriteFile
HeapFree
LoadLibraryA
FreeLibrary
CreateFileA
GetFileSize
CloseHandle
lstrlenA
GetModuleHandleA
GetProcAddress
WaitForSingleObject
GetSystemTime
SetSystemTime
Sleep
EnterCriticalSection
OutputDebugStringA
mpr:
WNetAddConnection2A
WNetCancelConnection2A
netapi32:
NetShareEnum
NetServerGetInfo
NetApiBufferFree
ws2_32:
__WSAFDIsSet
recv
select
htons
inet_addr
WSAStartup
WSACleanup
gethostname
gethostbyname
inet_ntoa
socket
accept
listen
send
closesocket
WSAGetLastError
bind
iphlpapi:
SendARP
rpcrt4:
UuidFromStringA
UuidToStringA
user32:
FindWindowA
ShowWindow
wsprintfA
IsCharAlphaNumericA
SendMessageA
wvsprintfA
advapi32:
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegRestoreKeyA
RegOpenKeyA
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE