Behavioral task
behavioral1
Sample
88d1d53d90534451694f6f8a9351d7d5_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
88d1d53d90534451694f6f8a9351d7d5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
88d1d53d90534451694f6f8a9351d7d5_JaffaCakes118
-
Size
64KB
-
MD5
88d1d53d90534451694f6f8a9351d7d5
-
SHA1
c1b2618695df4c76ba4b2976a5659ec6d02e2da2
-
SHA256
4fe293e4ab71bf1e2085b4f2e9f7933cb4d84a859b1e1940ee821c961d9e6e01
-
SHA512
009e8d3cb57f3985c61dbbed4300ab80465b5fb6b24c20339a44dde219ae4af600c7169474b58753f1d855cffce8b2442196734a8e62134166d6b9da362cb153
-
SSDEEP
1536:0qIiLEbqSFB+N1lCQSMbQTV2QL1Xh0bbM697s/4PpCSD:V
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 88d1d53d90534451694f6f8a9351d7d5_JaffaCakes118
Files
-
88d1d53d90534451694f6f8a9351d7d5_JaffaCakes118.exe windows:4 windows x86 arch:x86
8b58a51c1fff9c4a944265c1fe0fab74
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
msvcrt
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
signal
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 68B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE