Behavioral task: behavioral1
Sample: JaffaCakes118_8a6e6303879a883c129058eb2e12c254.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: JaffaCakes118_8a6e6303879a883c129058eb2e12c254.exe
Resource: win10v2004-20250313-en
General
- Target: JaffaCakes118_8a6e6303879a883c129058eb2e12c254
- Size: 147KB
- MD5: 8a6e6303879a883c129058eb2e12c254
- SHA1: 462d28578f55169422f614574cc2a865c1c3b3d6
- SHA256: f82ac97791ac1557cc6c9e4e53daed6f744b833c2a21058fc2e3bb6da1853672
- SHA512: b4cf57c543a16d987cf83f1b38ed5a0abb4a87a18900adfed080cbcf16f576929f2986582ccce19d259ed777122e822d78fa0f0a4962167a8116b354956f27c1
- SSDEEP: 3072:PHX8WGA74KRLZ2rs164xHeWB4xYPOIgpM:PHX8hAbd2rsh4K8
Malware Config
- Extracted: metasploit (encoder/call4_dword_xor)
Signatures
- Metasploit family
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: JaffaCakes118_8a6e6303879a883c129058eb2e12c254
Files
- JaffaCakes118_8a6e6303879a883c129058eb2e12c254.exe (windows:4 windows x86 arch:x86) 7be47655038ebd16d5bb5c1bfa0c0a1a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetVersionExA
GetTickCount
GetTempPathA
Sleep
GetLastError
CreateThread
lstrcmpiA
ExitThread
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
CreateFileA
ExpandEnvironmentStringsA
ReleaseMutex
DeleteFileA
SetFileAttributesA
CreateMutexA
GetLocaleInfoA
LoadLibraryA
GetProcAddress
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
TerminateProcess
GetModuleFileNameA
TerminateThread
GetFileAttributesA
SetFileTime
GetFileTime
GetWindowsDirectoryA
CopyFileA
SetProcessPriorityBoost
SetThreadPriority
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
TransactNamedPipe
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
LockResource
LoadResource
SizeofResource
FindResourceA
GetSystemDirectoryA
OpenProcess
ExitProcess
GetStartupInfoA
advapi32
GetUserNameA
shell32
ShellExecuteExA
SHChangeNotify
ShellExecuteA
wsock32
connect
socket
sendto
select
recvfrom
WSAStartup
gethostname
inet_ntoa
ioctlsocket
closesocket
htons
setsockopt
bind
listen
gethostbyaddr
inet_addr
gethostbyname
shutdown
iphlpapi
GetAdaptersInfo
msvcp71
?_Nomemory@std@@YAXXZ
msvcr71
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_callnewh
fopen
fseek
fread
sscanf
_cexit
_controlfp
strcmp
_snprintf
strstr
strrchr
strchr
srand
atoi
sprintf
rand
strncpy
strcpy
strcat
free
memcpy
memset
malloc
strlen
_vsnprintf
??3@YAXPAX@Z
??_V@YAXPAX@Z
strcspn
strtok
_except_handler3
_strcmpi
strncat
memcmp
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 347KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ