Behavioral task
behavioral1
Sample
a05f623ac9123de4ade43ddc0e225084_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a05f623ac9123de4ade43ddc0e225084_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
a05f623ac9123de4ade43ddc0e225084_JaffaCakes118
-
Size
13KB
-
MD5
a05f623ac9123de4ade43ddc0e225084
-
SHA1
8de08fa9229de37231efa04a07df57587298756f
-
SHA256
a37f99108794481e640d5db82c1c49fdcca464a572050952d54efdc3db2afa49
-
SHA512
2b62739b7251125666f4440e3297e8ec571c2fc7f9e69eeb788c0b0d1d9493fb1efaeb7baa362c83631843bebe441b1d2b796dc0a142562a7583226c0a77d557
-
SSDEEP
384:Sy7qIOKOEL5wJaN+EfnWjqjUoEkG3/ES7:nqIHLoaNL/CzMG3/D7
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a05f623ac9123de4ade43ddc0e225084_JaffaCakes118
Files
-
a05f623ac9123de4ade43ddc0e225084_JaffaCakes118.exe windows:4 windows x86 arch:x86
f9ade0aa18f660a34a4fa23392e21838
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
ExitProcess
Sections
.text Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE