metasploit | b15ddf80610593486939e5281356addb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b15ddf80610593486939e5281356addb_JaffaCakes118
Size

1.8MB
MD5

b15ddf80610593486939e5281356addb
SHA1

fd3332706253e444e40af704e933612d3364ac8e
SHA256

3e64361b55aa5a3cf73d83f2da39801155f646a55bf806539ec60e6542832ede
SHA512

293d034e8a5f621e91ff30f3a8bfc62be1ae98f136054251d9cbd9b0b963b7062bc78f9841db953a4c214974a54aa4e32aaa9d44e60aedd4de6e9cab28f5f10a
SSDEEP

24576:GqXZ/qXi2wx1pL2NboUIdAuNaHBwyY84pT+1yUoG1S+1nhEcLz:Gq4iZ14NbZtuN6tIixbhEu

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b15ddf80610593486939e5281356addb_JaffaCakes118

Files

b15ddf80610593486939e5281356addb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Virus
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE