metasploit | JaffaCakes118_06245da4f63d0593c9e21561444c254c

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_06245da4f63d0593c9e21561444c254c
Size

78KB
MD5

06245da4f63d0593c9e21561444c254c
SHA1

47863b87308b54a82b8dbe16b5f3b1fbb2935d13
SHA256

b75172cd631dde944b448375c47e4918c57945dbe225d1f16ab9781c0ca48960
SHA512

cbdf08fd5e4a437171df347ba86b81cb29ab3eae5dbf4daadc2f46d6618a2b7e18f37ea641a07fb441c8aafdb0e7451c615233d4afa6a5c8dd10e5e4f61ce429
SSDEEP

1536:IzluGjcAawPFmlBHxfbxsCLssuRI0xag4eTmvZPuoBrhu:IY/hTxfV6RI0HTmvhNE

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_06245da4f63d0593c9e21561444c254c

Files

JaffaCakes118_06245da4f63d0593c9e21561444c254c
.exe windows:4 windows x86 arch:x86

66b60018b8d5644368533649dcbfe98f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CxxThrowException
??1type_info@@UAE@XZ
__CxxFrameHandler
_snprintf
malloc
free
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
wcslen
memchr
wcscat
time
toupper
_beginthread
atoi
strchr
memmove
wcsstr
calloc
wcscpy
getenv
sprintf
??2@YAPAXI@Z
sscanf
srand
_EH_prolog
rand
printf
strncpy
strstr
_except_handler3
??3@YAXPAX@Z

kernel32

LocalFree
GetStartupInfoA
GetModuleHandleA
CopyFileA
DeleteFileA
SetFileAttributesA
CreateFileA
WriteFile
FreeLibrary
ExitProcess
lstrcpyA
lstrcmpiA
lstrlenA
GetEnvironmentVariableA
GetCurrentProcess
GetVersionExA
MultiByteToWideChar
WinExec
GetComputerNameA
GetModuleFileNameA
GetFileAttributesA
CreateToolhelp32Snapshot
Process32First
Process32Next
Sleep
SetLastError
GetLocaleInfoA
GetTickCount
ExitThread
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CloseHandle
CreateThread
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetLastError
CreateEventA
ReleaseMutex
CreateMutexA
OpenEventA

user32

MessageBoxA
IsCharAlphaNumericA
SendMessageA
BlockInput
keybd_event
IsCharAlphaA
GetForegroundWindow
GetWindowTextA
IsWindow
FindWindowA
SetFocus
SetForegroundWindow
ShowWindow
PostMessageA
IsWindowVisible
GetMenuItemID
VkKeyScanA
wsprintfA
FindWindowExA
MapVirtualKeyA
SendInput
VkKeyScanW

ws2_32

select
ioctlsocket
htonl
ntohl
inet_ntoa
gethostbyname
gethostname
inet_addr
sendto
setsockopt
listen
bind
accept
__WSAFDIsSet
WSAStartup
connect
send
recv
recvfrom
socket
htons
closesocket

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

advapi32

RegCloseKey
RegOpenKeyExA
GetUserNameA
IsTextUnicode
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantInit
SysAllocString

shell32

ShellExecuteA

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

msvcp60

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1ios_base@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Winit@std@@QAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??_7?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0Init@ios_base@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

mpr

WNetCancelConnection2A
WNetUseConnectionA
WNetCancelConnectionA
WNetGetLastErrorA

rpcrt4

RpcMgmtStatsVectorFree
RpcMgmtInqStats
RpcMgmtIsServerListening
RpcStringFreeA
RpcMgmtSetComTimeout
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcBindingFree
NdrClientCall2

comctl32

ord17

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

66b60018b8d5644368533649dcbfe98f

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

wininet

advapi32

ole32

oleaut32

shell32

ntdll

msvcp60

mpr

rpcrt4

comctl32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 21KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 21KB