metasploit | 8be7560045f5044b7a3e3a1a8c5c7a4f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8be7560045f5044b7a3e3a1a8c5c7a4f_JaffaCakes118
Size

317KB
MD5

8be7560045f5044b7a3e3a1a8c5c7a4f
SHA1

529e2e80dd626cad236fc4063101668317f16436
SHA256

1acaf777052e46bd11abf38406fb6cb4a3e0de6ec23dfbea029564c606a2fdcb
SHA512

c2c143a198791dcafe1f794c0d3975b6590974cb17e27427a15be6398550f7636a94179cf46e1b767c0cd75f2999fb6a20683c06d241c9248db10b77b9d04071
SSDEEP

6144:jsXvCmQRCtq1kePbvRqoHwBFdwmk/zzxhNvEeh7+PvgGj27F6/L1F/FOeR+bFB:6CmQRCtq1kePbvZwBFdwmkbzxhNv/+PS

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8be7560045f5044b7a3e3a1a8c5c7a4f_JaffaCakes118

Files

8be7560045f5044b7a3e3a1a8c5c7a4f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5e0a5f0d932273651f558ca0d7c621a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EmptyClipboard
OpenClipboard
VkKeyScanA
SetClipboardData
SetFocus
SetForegroundWindow
keybd_event
BlockInput
wsprintfA
ShowWindow
CloseClipboard

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

ws2_32

send
closesocket
connect
gethostbyname
socket
recv
htons
shutdown
accept
gethostname
inet_ntoa
inet_addr
__WSAFDIsSet
select
listen
bind
ioctlsocket
setsockopt
WSAStartup
WSACleanup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetTimeFormatA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
OutputDebugStringA
GetStdHandle
DebugBreak
HeapAlloc
Sleep
MultiByteToWideChar
ReadFile
CloseHandle
WriteFile
TransactNamedPipe
CreateFileA
WaitForSingleObject
GetLastError
CreateEventA
CopyFileA
WideCharToMultiByte
GetTickCount
DeleteFileA
CreateProcessA
OpenProcess
GetCurrentProcessId
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
ExitProcess
CreateMutexA
MoveFileA
GetTempPathA
CreateThread
ExitThread
SetFilePointer
GetFileSize
GetLocalTime
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
GetCurrentProcess
CreatePipe
GetComputerNameA
GetDateFormatA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
TerminateProcess
GetLogicalDrives
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeCriticalSection
CreateDirectoryA
GetWindowsDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
LoadLibraryA
GlobalAlloc
InterlockedDecrement
lstrcpynA
lstrcmpA
lstrcpyA
lstrlenA
GetLocaleInfoA
GetVersionExA
GlobalMemoryStatus
TerminateThread
GetSystemTime
IsBadWritePtr
IsBadReadPtr
HeapValidate
RtlUnwind
GetTimeZoneInformation
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
FatalAppExitA

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

e5e0a5f0d932273651f558ca0d7c621a

Headers

File Characteristics

Imports

user32

ole32

oleaut32

ws2_32

version

kernel32

Sections

.text Size: 225KB - Virtual size: 225KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 55KB - Virtual size: 388KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 225KB - Virtual size: 225KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 55KB - Virtual size: 388KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 16KB - Virtual size: 15KB