metasploit | 37b16efed8e71347d2ca91baee81f60a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

37b16efed8e71347d2ca91baee81f60a_JaffaCakes118
Size

132KB
MD5

37b16efed8e71347d2ca91baee81f60a
SHA1

d935cadfff7d039ba69cb2fc7c0b54ddb14eeee6
SHA256

bc8a8991e1439ec96086c47c79d224d9e218b8bdc525477e2265761ce802190b
SHA512

142ffaaeee65b608b50899fb768b6914335fb87f49710978f34bba2b5d1cd8e49c9509cacef5731c2749ed37538ffccd3def8b3691fff17074128b1a1e130bb5
SSDEEP

3072:aeoHqnoFivg3mJltZWj2Zy5zMZAX1FHJHda23TLuQGe9:LwqoFiYmJltTZy5JlFpHspQGe

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b16efed8e71347d2ca91baee81f60a_JaffaCakes118

Files

37b16efed8e71347d2ca91baee81f60a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

622bd0a777ea9cc677b50ee1faa35287

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetModuleHandleA
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
GetComputerNameA
GetVersionExA
GetDiskFreeSpaceExA
GlobalMemoryStatus
CreateRemoteThread
GetProcAddress
OpenProcess
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
SizeofResource
FreeLibrary
IsBadReadPtr
LoadLibraryExA
TerminateProcess
CreateProcessA
ReadFile
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadProcessMemory
GetWindowsDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalUnlock
GlobalLock
LocalFree
LoadResource
LockResource
WriteFile
CreateFileA
DeleteFileA
GetCurrentProcessId
CreateMutexA
GetLastError
SetErrorMode
GetSystemTime
TerminateThread
CloseHandle
CopyFileA
ExitProcess
GetLocaleInfoA
GetCurrentProcess
SetProcessWorkingSetSize
GetTickCount
Sleep
GetShortPathNameA
GetEnvironmentVariableA
GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
SetFileAttributesA
VirtualProtectEx

user32

GetKeyNameTextA
GetWindowTextA
GetKeyboardLayout
DispatchMessageA
SetKeyboardState
GetMessageA
GetActiveWindow
GetKeyboardState
ToAsciiEx
OpenClipboard
GetClipboardData
UnhookWindowsHookEx
CallNextHookEx
CloseClipboard
FindWindowA
GetWindowThreadProcessId
SetWindowsHookExA

advapi32

RegDeleteValueA
CloseEventLog
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
RegEnumValueA
ClearEventLogA

msvcrt

free
sscanf
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
fopen
fseek
fread
_stricmp
fclose
__CxxFrameHandler
strtok
atoi
system
_onexit
__dllonexit
_CxxThrowException
fwrite
??1type_info@@UAE@XZ
strstr
strncat
_snprintf
strncpy
_vsnprintf
toupper
islower
rand
srand
atol
sprintf

netapi32

NetShareDel

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

shell32

ShellExecuteA

wininet

InternetConnectA
FtpPutFileA
InternetOpenUrlA
FtpGetFileA
InternetCloseHandle
InternetGetConnectedStateEx
InternetOpenA

ws2_32

shutdown
inet_addr
getsockname
ntohs
WSAIoctl
bind
WSASocketA
accept
listen
sendto
gethostname
__WSAFDIsSet
select
ioctlsocket
htonl
setsockopt
inet_ntoa
WSAStartup
WSACleanup
closesocket
recv
WSACloseEvent
send
gethostbyname
htons
socket
getpeername
connect
gethostbyaddr

ntdll

ZwSystemDebugControl
NtQuerySystemInformation

oleaut32

GetErrorInfo

Sections

.data
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

622bd0a777ea9cc677b50ee1faa35287

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

psapi

shell32

wininet

ws2_32

ntdll

oleaut32

Sections

.data Size: 119KB - Virtual size: 119KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 11KB - Virtual size: 11KB

.data
Size: 119KB - Virtual size: 119KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 11KB - Virtual size: 11KB