metasploit | c7887a7bb7e672192a58ef5d6f985932_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c7887a7bb7e672192a58ef5d6f985932_JaffaCakes118
Size

272KB
MD5

c7887a7bb7e672192a58ef5d6f985932
SHA1

b9fb0daeed88638b7a965449bf0b9f01df35efd0
SHA256

f6c3d193a281dc20507a1dfdfc45cf5292d59c385640c61daf6fb475786ae0dd
SHA512

d4af49290ca8fb9329bd940461c855f4172c4e7ebc6ef2092091663ac6fffc5e427346d2c4671217e8f98bc1e542e298c198752cb8a0011e1226ab68f9019b89
SSDEEP

6144:wjlNv3g5OnD/ajNFB9FgXYhSEw6rfyxIXzuJhoiH:qlNvQ5OjajNFBzgXstXqGi

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7887a7bb7e672192a58ef5d6f985932_JaffaCakes118

Files

c7887a7bb7e672192a58ef5d6f985932_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c627231e6d0576f86291016ff691a17f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

user32

wsprintfA

mpr

WNetAddConnection2A

ws2_32

accept
recv
send
WSAStartup
gethostname
__WSAFDIsSet
inet_ntoa
htons
inet_addr
select
socket
ioctlsocket
connect
closesocket
listen
bind
setsockopt
WSACleanup
gethostbyname

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

OpenProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
ExitThread
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
MultiByteToWideChar
ReadFile
CloseHandle
WriteFile
TransactNamedPipe
CreateFileA
GlobalFree
WinExec
lstrcatA
lstrlenA
GetModuleFileNameA
GlobalAlloc
WaitForSingleObject
GetLastError
CreateEventA
CopyFileA
GetDriveTypeA
GetLogicalDriveStringsA
SetFileAttributesA
GetTimeFormatA
GetDateFormatA
CreateThread
GetFileSize
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetEnvironmentVariableW
GetProcAddress
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
GetCurrentProcess
GetModuleHandleA
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
CreateProcessA
ExpandEnvironmentStringsA
GetTempPathA
GetVersionExA
lstrcpynA
lstrcmpA
lstrcpyA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
CreatePipe
GlobalMemoryStatus
GetSystemDirectoryA
GetLocalTime
ExitProcess
WideCharToMultiByte
GetComputerNameA
TerminateProcess
lstrcmpiA
DeleteFileA
GetCurrentProcessId
CreateMutexA
TerminateThread
MoveFileA
GetLocaleInfoA
GetLogicalDrives
GetTimeZoneInformation
GetSystemTime
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

c627231e6d0576f86291016ff691a17f

Headers

File Characteristics

Imports

shlwapi

user32

mpr

ws2_32

version

kernel32

Sections

.text Size: 147KB - Virtual size: 147KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 117KB - Virtual size: 1004KB

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 117KB - Virtual size: 1004KB