metasploit | JaffaCakes118_665378cf12ee94faaa2177e3d3197c00

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_665378cf12ee94faaa2177e3d3197c00
Size

412KB
MD5

665378cf12ee94faaa2177e3d3197c00
SHA1

9065671b810b73e951873fb9e5e4aceb62c990fc
SHA256

30d810629aac7049b4526396b3d4e4c78df7b5c40e03e397b344e03474a49b3e
SHA512

3c84c6525d6c2aa9f8d35345c408d02f072fc894a17a9026ace6bee6411328274953310d962d5325c4ec7934e0047c273ce2993d03d215e7504a9478b54a6e5f
SSDEEP

6144:+PNZ95qdazh681R6RXbBuaHHZTM52O89/soNdjk0OvyuNGf8WZ///Hwz:+Pf95U0hXKRAk5TMcOCdLkxvGf8WK

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_665378cf12ee94faaa2177e3d3197c00

Files

JaffaCakes118_665378cf12ee94faaa2177e3d3197c00
.exe windows:4 windows x86 arch:x86

9201552352d858917aaaa6eb5d8a5bd7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

PropertySheetA
PropertySheetW
InitCommonControlsEx
CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_Destroy

comdlg32

GetOpenFileNameA
GetOpenFileNameW

mpr

WNetAddConnection2W
WNetOpenEnumA
WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceA
WNetEnumResourceW
WNetGetResourceParentA
WNetGetResourceParentW
WNetGetResourceInformationA
WNetGetResourceInformationW
WNetAddConnection2A

gdi32

DeleteObject

oleaut32

VariantCopy
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen

ole32

OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
CoInitialize
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
CoUninitialize
DoDragDrop

user32

GetWindowTextLengthW
GetDialogBaseUnits
SystemParametersInfoA
DialogBoxParamA
GetWindowTextW
GetWindowTextLengthA
GetWindowTextA
SetWindowTextW
SetWindowTextA
CreateWindowExW
RegisterClassW
RegisterClassA
SendMessageW
LoadStringW
LoadStringA
AppendMenuW
AppendMenuA
InsertMenuItemA
InsertMenuItemW
SetMenuItemInfoA
SetMenuItemInfoW
GetMenuItemInfoA
GetMenuItemInfoW
CharPrevA
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
CharLowerW
CharLowerA
CharUpperW
CharUpperA
KillTimer
SetCursor
wsprintfA
SetDlgItemTextA
MapDialogRect
ClientToScreen
GetMenuItemCount
TrackPopupMenuEx
GetCursorPos
ScreenToClient
IsWindowEnabled
ChildWindowFromPointEx
WindowFromPoint
RegisterClipboardFormatA
PostMessageA
SetWindowLongW
InvalidateRect
UpdateWindow
SetTimer
MapVirtualKeyA
CallWindowProcW
CallWindowProcA
GetKeyState
EnableMenuItem
RemoveMenu
CheckMenuRadioItem
CheckMenuItem
GetMenu
LoadMenuA
SetMenu
DrawMenuBar
CreatePopupMenu
GetSubMenu
DestroyMenu
GetParent
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
GetDlgItem
GetWindowRect
MoveWindow
IsZoomed
GetClientRect
MessageBoxW
ReleaseCapture
SetCapture
GetCapture
DefWindowProcW
DefWindowProcA
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DispatchMessageA
LoadIconA
LoadCursorA
GetWindowPlacement
SetWindowPlacement
PostQuitMessage
EndDialog
EnableWindow
ShowWindow
LoadBitmapA
CreateWindowExA
DestroyWindow
GetWindowLongA
SetWindowLongA
SetFocus
SendMessageA
DialogBoxParamW
GetClassInfoA
GetClassInfoW

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
GetUserNameW
RegCreateKeyExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHFileOperationA
ShellExecuteA
ShellExecuteExA
SHGetFileInfoA
SHChangeNotify
DragFinish
DragQueryFileA
SHGetPathFromIDListA
DragQueryFileW
SHBrowseForFolderA
SHGetDesktopFolder

msvcrt

memcmp
__setusermatherr
_initterm
__getmainargs
_acmdln
_controlfp
__set_app_type
__p__fmode
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
strlen
wcsncmp
rand
srand
__p__commode
free
malloc
__CxxFrameHandler
_CxxThrowException
_adjust_fdiv
_purecall
memset
memmove
memcpy
_wcsicmp
wcslen

kernel32

EnterCriticalSection
GetStartupInfoA
InitializeCriticalSection
SetEvent
VirtualFree
VirtualAlloc
CreateEventA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetStdHandle
HeapAlloc
GetProcessHeap
HeapFree
GetDiskFreeSpaceA
GetVolumeInformationW
GetVolumeInformationA
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
FileTimeToSystemTime
CreateProcessA
CreateProcessW
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
CreateFileA
GetLogicalDriveStringsW
GetLogicalDriveStringsA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindCloseChangeNotification
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetTempPathA
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
MoveFileW
RemoveDirectoryW
SetFileAttributesW
MoveFileA
RemoveDirectoryA
SetFileAttributesA
SetLastError
CreateFileW
SetFileTime
GetWindowsDirectoryW
GetWindowsDirectoryA
FormatMessageW
FormatMessageA
LocalFree
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryW
LoadLibraryExW
LoadLibraryExA
WideCharToMultiByte
MultiByteToWideChar
GetDriveTypeA
GetCurrentProcess
SetPriorityClass
lstrcatA
lstrlenA
GetTickCount
FileTimeToLocalFileTime
WaitForMultipleObjects
Sleep
CloseHandle
CompareFileTime
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
GetSystemDefaultLangID
GetUserDefaultLangID
AreFileApisANSI
GetModuleHandleW
CopyFileW
GetModuleHandleA
CopyFileA
WaitForSingleObject
FindNextChangeNotification
GetCompressedFileSizeW
LoadLibraryA
FreeLibrary
GetCommandLineW
GetVersionExA
GetProcAddress
DeleteCriticalSection
GetLastError
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

9201552352d858917aaaa6eb5d8a5bd7

Headers

File Characteristics

Imports

comctl32

comdlg32

mpr

gdi32

oleaut32

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 45KB - Virtual size: 44KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 45KB - Virtual size: 44KB