metasploit | c97dde31983f454e54e30799be1040dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c97dde31983f454e54e30799be1040dc_JaffaCakes118
Size

105KB
MD5

c97dde31983f454e54e30799be1040dc
SHA1

fff0a3ec340bc460bd33444ee05cef66072aa4bd
SHA256

1d5a630a8f729297df77d2410d8fa0b460d74c4c2a0d5e4fe51c6093c4687f03
SHA512

0dcb4da1c598cfbffbe5bdc3adf293b3344b70d2e2f2f33c1f750a674850ddb3e1cb105975154f00bdfa72180fee0ae5372342e47d24e415bf3a0cc1b689b682
SSDEEP

1536:hVOAhkZ3ETWX53a8EdWbA+AQl5Qe4NHOYliuTWDubHD6M3keKa7hL/jZCHzxZj8K:ih

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c97dde31983f454e54e30799be1040dc_JaffaCakes118

Files

c97dde31983f454e54e30799be1040dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8b58a51c1fff9c4a944265c1fe0fab74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
signal

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 68B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE