metasploit | cf3b39ccc0fc020802f40ee6eba3c1aa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf3b39ccc0fc020802f40ee6eba3c1aa_JaffaCakes118
Size

16KB
MD5

cf3b39ccc0fc020802f40ee6eba3c1aa
SHA1

6ffd498ea34e9ba4214c4509e9931811483bd640
SHA256

6b8ce44044a636cfd39164622e0a297f6eff77fc9a92d3b0a24317d922782e3a
SHA512

f66c43daca20d1efcd19c6cf469ef25ccb65f28c455df47ce2ffdb7c2eb6b82ce50b7b87968123b05e456e72227fddf4ac6d71b26a5f0935e9e91e87dd02508b
SSDEEP

192:t1DHKUglqW/3yYlTTE6AHIYYkvyFmccCDW:tQp/CYls6AHVZK8crS

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf3b39ccc0fc020802f40ee6eba3c1aa_JaffaCakes118

Files

cf3b39ccc0fc020802f40ee6eba3c1aa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

49f0371766ca501cd5568d9add765ee2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
AllocConsole
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fflush
fprintf
free
malloc
signal

user32

FindWindowA
ShowWindow

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE