metasploit | b44d2b620d708fb6918c0eec537330de_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b44d2b620d708fb6918c0eec537330de_JaffaCakes118
Size

72KB
MD5

b44d2b620d708fb6918c0eec537330de
SHA1

7d209eddc0eb20496fae749929e9082832bdcb7b
SHA256

df61a42a90a6a29f7164f6ac1e24ca123c0bc5fa683691b57412056c5bc7e0b4
SHA512

d34f359e0fcd0c1ced9fb68fa4956fddd41fe6126bfbe63bfa4d8eb6aec87cb5fbc991a84480184173e5eaab8908a33832deb3a0368265546092a4d15641aeec
SSDEEP

768:RqB6Z5ww5AXTQ7Mkc2n601nKFCaIqkUaxhxD8+dAb64KqeoqzpKxR6ThHRXv:RVZkTQQkln6ejrib4hlzpGYTv

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b44d2b620d708fb6918c0eec537330de_JaffaCakes118

Files

b44d2b620d708fb6918c0eec537330de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ccaaca9a796476c1285e10712eefa9d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
HeapAlloc
GetProcessHeap
lstrcatA
GetSystemDirectoryA
DeleteFileA
GetLastError
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcess
TerminateProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
SetEvent
ResetEvent
GetModuleFileNameA
CreateThread
CreateEventA
OutputDebugStringW
lstrcpyW
OpenEventA
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
lstrcpynA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
ResumeThread
SetThreadContext
VirtualProtectEx
VirtualAlloc
TransactNamedPipe
UpdateResourceA
SizeofResource
LockResource
LoadResource
FindResourceA
EndUpdateResourceA
EnumResourceNamesA
BeginUpdateResourceA
GetTempPathA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetStartupInfoA
ExitProcess
GetStdHandle
lstrcmpA
lstrcpyA
SetFilePointer
WriteFile
HeapFree
LoadLibraryA
FreeLibrary
CreateFileA
GetFileSize
CloseHandle
lstrlenA
GetModuleHandleA
GetProcAddress
WaitForSingleObject
GetSystemTime
SetSystemTime
Sleep
LeaveCriticalSection
OutputDebugStringA

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetShareEnum
NetServerGetInfo
NetApiBufferFree

ws2_32

__WSAFDIsSet
recv
select
htons
inet_addr
WSAStartup
WSACleanup
gethostname
gethostbyname
inet_ntoa
socket
accept
listen
send
closesocket
WSAGetLastError
bind

iphlpapi

SendARP

rpcrt4

UuidFromStringA
UuidToStringA

user32

FindWindowA
ShowWindow
wsprintfA
IsCharAlphaNumericA
SendMessageA
wvsprintfA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegRestoreKeyA
RegOpenKeyA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

ccaaca9a796476c1285e10712eefa9d0

Headers

File Characteristics

Imports

kernel32

mpr

netapi32

ws2_32

iphlpapi

rpcrt4

user32

advapi32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 40KB - Virtual size: 85KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 40KB - Virtual size: 85KB