C:\Users\Hoot\source\repos\Project1\x64\Release\Project1.pdb
Behavioral task
behavioral1
Sample
4ddfd6cd5406438b0509c2ef93695c8b_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4ddfd6cd5406438b0509c2ef93695c8b_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
4ddfd6cd5406438b0509c2ef93695c8b_JaffaCakes118
-
Size
95KB
-
MD5
4ddfd6cd5406438b0509c2ef93695c8b
-
SHA1
d62c738b4cfedd6183a4cd8aac3d2c196458a9b1
-
SHA256
17c00950c9cc473b2b11d6c80c254f60b406c3d4d5d7130d48a448790588e625
-
SHA512
c6aa26e7ba10d6ae2b301a29c8a3be476631f3f5449f7470b00c85f323844222c06c0a96e5490dea50cb9db82e3209e1afbde90e44baba0bbbb925bb55ac795d
-
SSDEEP
1536:zKy3c3U9Com3I64SSp+sI+3KaAUSQqjsWwd09dlpXaya/:zKys3RZ3dcfI+3KrQ1MHXj
Malware Config
Extracted
metasploit
metasploit_stager
192.168.0.102:4444
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 4ddfd6cd5406438b0509c2ef93695c8b_JaffaCakes118
Files
-
4ddfd6cd5406438b0509c2ef93695c8b_JaffaCakes118.exe windows:6 windows x64 arch:x64
2adb8da7be87c733bf37f105fc8db87b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
VirtualAlloc
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
Sections
.text Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ