metasploit | c1b3a602a5d5912580fc871ea01f07e8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1b3a602a5d5912580fc871ea01f07e8_JaffaCakes118
Size

488KB
MD5

c1b3a602a5d5912580fc871ea01f07e8
SHA1

9f4fb712d2bf1cc50910a5f469dd2a2625181722
SHA256

0ae3240c17edda49120700eb6c7aa6fd8446f528e86388b64f9a62e728c04be5
SHA512

7f46430dc12bc9dd8d36d7d69132a81d3d568a7d216c8e6fb2b253e158ab64055d572733b858f030ece41cadc950ca3c51379c359d3898d15ea5193e92dd8b89
SSDEEP

12288:OBCEbJmmLfR20AdxJ9IqO4z1o318VZmcNRa0EA:OBNTfR3Wx7IqO4z1hVZjNU

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b3a602a5d5912580fc871ea01f07e8_JaffaCakes118

Files

c1b3a602a5d5912580fc871ea01f07e8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0sbwrh5s
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6d6bgm86
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6bji7v5b
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE