Behavioral task: behavioral1
Sample: b45a910ac7f965d9f95dce93ca78c61d_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: b45a910ac7f965d9f95dce93ca78c61d_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
- Target: b45a910ac7f965d9f95dce93ca78c61d_JaffaCakes118
- Size: 53KB
- MD5: b45a910ac7f965d9f95dce93ca78c61d
- SHA1: 0bc171f0013550d9a4b0bc2583b43f38e27f424b
- SHA256: 156325cabc8969ca4e517949ad5aac39520879ffb136d793ce9f8972813d7a8c
- SHA512: 6fd9c26042bf0845e911e266257448fa710403319c1c3fea677331b62ca971219f379b4ed653474da8c3aca00c6d1c88a8b3e30e4f543739b12b0525a2625029
- SSDEEP: 768:N7Bmi7TZITxaPE4YwEIpHrQ4NJ+tkXbMVeT5hBoDb9qCKpvzwYsw2M:Noi7TKdaPpEIuCXbM0hB+8UYsw2M
Malware Config
Extracted: metasploit
encoder/call4_dword_xor
Signatures
- Metasploit family
- Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  resource b45a910ac7f965d9f95dce93ca78c61d_JaffaCakes118
Files
- b45a910ac7f965d9f95dce93ca78c61d_JaffaCakes118.exe windows:4 windows x86 arch:x86
  e39215aa264b16d52ee1c9986be07ffa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxA
FindWindowExA
FindWindowA
SendMessageA
kernel32
GetVersionExA
CloseHandle
WaitForSingleObject
GetTickCount
GetLastError
CreateThread
ExitProcess
lstrcmpiA
ExitThread
CreateProcessA
WriteFile
CreateFileA
TerminateThread
ExpandEnvironmentStringsA
GetModuleHandleA
GetProcAddress
LoadLibraryA
ReleaseMutex
CreateMutexA
TransactNamedPipe
GetFileAttributesA
CopyFileA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
Sleep
GetStartupInfoA
GetModuleFileNameA
msvcrt
strlen
_snprintf
malloc
strcpy
sprintf
strcmp
strstr
strncpy
strchr
rand
srand
atoi
strcat
strtoul
sscanf
fclose
fread
ftell
fseek
fopen
strtok
memcmp
exit
fgets
strncat
_vsnprintf
??2@YAPAXI@Z
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
free
_except_handler3
_strcmpi
memcpy
strrchr
advapi32
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
GetUserNameA
RegQueryValueExA
ws2_32
connect
closesocket
socket
ioctlsocket
Sections
.text Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 287KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE