metasploit | 491a14bec3d2ae4a0984859a8d773607_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

491a14bec3d2ae4a0984859a8d773607_JaffaCakes118
Size

51KB
MD5

491a14bec3d2ae4a0984859a8d773607
SHA1

b223a3f4c445b7b62d7613e630d393b548a56ff2
SHA256

0e54a7551402e376ae127e02a4247952318e956daef644497a8fda0d07e0634c
SHA512

2f343c06b63c56051899fe0504dbb9d8afbf34631844b1125447393001f586c03e20078246291d60971181e4f96b8b0a71b738bec348a49fee1340ec986a4458
SSDEEP

768:CMVh/oQetYG+eqeB5NuJq3iCroPrPAL6quips+xoSU/LhLqC5xGFeey:l/XsL+c5d34LRqJ6ZzDwUuy

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

74.86.126.113:443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
491a14bec3d2ae4a0984859a8d773607_JaffaCakes118

Files

491a14bec3d2ae4a0984859a8d773607_JaffaCakes118
.exe windows:1 windows x86 arch:x86

246667c7894354b09bdd4b0924ff921a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind

user32

MessageBoxA

crtdll

_iob
_itoa
__GetMainArgs
_strnicmp
abort
exit
fputc
fwrite
localeconv
memcpy
memmove
memset
pow
raise
signal
strcat
strchr
strtol
wcslen
wctomb

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 608B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 760B - Virtual size: 760B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE