metasploit | af2350209230ae5221e8c2b7ac394230_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af2350209230ae5221e8c2b7ac394230_JaffaCakes118
Size

496KB
MD5

af2350209230ae5221e8c2b7ac394230
SHA1

9e160bdb6f10f736c5e9cab81ea99bb8bd7e5d0a
SHA256

af0a4fc45bbabf292687d17e13e64f087b81863c17db50e03de24ca17e7cac81
SHA512

b5d03a7e429ad83bfdaa98aa6ea2d7c56c4a984ebe37ad6ac74c3a0d16c7ed26e357fbb2d99bc5daebfa3555f225d7c2d4f5739450895f15e2aefdf79bceff89
SSDEEP

12288:kv/g0R9zceIPxU+Oox5w0zV6E+adSExns:p7P3Oox5w0p+aAEx

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af2350209230ae5221e8c2b7ac394230_JaffaCakes118

Files

af2350209230ae5221e8c2b7ac394230_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

l5bqmkpr
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

v6xzqaq7
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

y61ql703
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE