Behavioral task
behavioral1
Sample
5a11912323bb56bd68bb1982a16ed2ea_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5a11912323bb56bd68bb1982a16ed2ea_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
5a11912323bb56bd68bb1982a16ed2ea_JaffaCakes118
-
Size
22KB
-
MD5
5a11912323bb56bd68bb1982a16ed2ea
-
SHA1
fb752bd27b8ed96f72b8946865cc4e587e8d8d59
-
SHA256
a407172eb03f8e02a505f262c5ba75dc73cf4f898c7862ca6394fdf0fd687e78
-
SHA512
a6373d414173a3837d52cdca4cf4b9ec660ff6c484a32e59f1be6d314f5316bbb20e633435a4c120171182e91170b27b1807abaff4c3b8bef4bda81fec063a54
-
SSDEEP
384:wlKjzEO8TXy9knK4WKgnINcxUMHHur+z/2l4qTtpBvwF:FjzE1TXy9WlWNxUMurplpk
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5a11912323bb56bd68bb1982a16ed2ea_JaffaCakes118
Files
-
5a11912323bb56bd68bb1982a16ed2ea_JaffaCakes118.exe windows:4 windows x86 arch:x86
8b58a51c1fff9c4a944265c1fe0fab74
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
msvcrt
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
signal
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 68B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE