metasploit | 41a7857a438c91e343418bdd5359b878_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41a7857a438c91e343418bdd5359b878_JaffaCakes118
Size

80KB
MD5

41a7857a438c91e343418bdd5359b878
SHA1

c9da5f6b2aa2571a2edc7205964bd1cc04f9b980
SHA256

cdcd82c7b66fb345425583e90ce18db538b873a78fed5c6eeee4d99ffcf52fbd
SHA512

58c164457f222025b6faec4f0253f0c512944fb9045a026ed846239c696d1150a0b370c7dd8757e30915792e59777bf0fddc4caad673e5419402f74f5145fd31
SSDEEP

1536:l4BVfBHSDGSRY0o1TvOkxXT0SssCY55ooV02wKkfqyGyiXG99j6fTDcfI7D:vq

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41a7857a438c91e343418bdd5359b878_JaffaCakes118

Files

41a7857a438c91e343418bdd5359b878_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8b58a51c1fff9c4a944265c1fe0fab74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
signal

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 68B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE