metasploit | de94984ecbcc064ef93740c55c169777_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

de94984ecbcc064ef93740c55c169777_JaffaCakes118
Size

58KB
MD5

de94984ecbcc064ef93740c55c169777
SHA1

04e84cec95067a45ce4e20bc921074ac851e57e6
SHA256

11d89f2cc316afd6d1f3649c85a06ceeedf8401119ea803ead682502323c982d
SHA512

d3f4ee0b5ea34c095e1901d70d1e40169677d9613f586965a4995d4dbbacfdcbfce6a052cce3ab9fe2584467b5ceb6f64a684114c73f2d73b971449e1aaeca11
SSDEEP

768:HY0JV7zP9lGsSRAwxmkveRJrOvMBo2e4u1a9MeIaDh+Ef8YlgTgLEl2lojubvCnT:Hzv7zCs4XgrH/iazvGT2l

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de94984ecbcc064ef93740c55c169777_JaffaCakes118

Files

de94984ecbcc064ef93740c55c169777_JaffaCakes118
.exe windows:4 windows x86 arch:x86

334d07207823db69cc151625de1b461f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyaddr
recv
inet_ntoa
connect
socket
sendto
select
recvfrom
WSAStartup
inet_addr
gethostname
gethostbyname
ioctlsocket
shutdown
closesocket
htons
setsockopt
bind
listen

advapi32

GetUserNameA

mpr

WNetAddConnection2A

shell32

ShellExecuteExA
SHChangeNotify

iphlpapi

GetAdaptersInfo

msvcrt

time
_stricmp
memcmp
sscanf
fread
fopen
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_controlfp
_vsnprintf
strlen
malloc
memset
memcpy
free
strcat
strncpy
rand
sprintf
atoi
srand
strchr
strrchr
strcpy
strcmp
strstr
_snprintf
ceil
strncat
_strcmpi
_ftol
_except_handler3
strcspn
??2@YAPAXI@Z
__set_app_type
strtok
fseek

kernel32

GetStartupInfoA
GetLogicalDriveStringsA
GetDriveTypeA
lstrcatA
CreateDirectoryA
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TransactNamedPipe
ReadFile
CreateEventA
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
SetThreadPriority
SetProcessPriorityBoost
CopyFileA
InitializeCriticalSectionAndSpinCount
OpenProcess
GetCurrentThread
GetCurrentProcess
GetWindowsDirectoryA
GetFileTime
SetFileTime
GetFileAttributesA
TerminateThread
LocalAlloc
LocalFree
GetProcAddress
LoadLibraryA
GetLocaleInfoA
CreateMutexA
SetFileAttributesA
DeleteFileA
ReleaseMutex
ExpandEnvironmentStringsA
CreateFileA
ExitThread
WriteFile
CloseHandle
CreateProcessA
WaitForSingleObject
lstrcmpiA
CreateThread
Sleep
GetLastError
GetTempPathA
GetTickCount
GetModuleHandleA
GetModuleFileNameA
ExitProcess
GetVersionExA
TerminateProcess

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

334d07207823db69cc151625de1b461f

Headers

File Characteristics

Imports

wsock32

advapi32

mpr

shell32

iphlpapi

msvcrt

kernel32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 17KB - Virtual size: 360KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 17KB - Virtual size: 360KB