metasploit | cfcbb6472cac07ea138379578d80845b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfcbb6472cac07ea138379578d80845b_JaffaCakes118
Size

6KB
MD5

cfcbb6472cac07ea138379578d80845b
SHA1

e221af5c48fc8ee31d9f2860dba85f13e9f228a6
SHA256

9d2613b310e860432e0b705b7ab6f07c61697f677e6c331ee0a830ef7b6a739a
SHA512

c48587523a48b3e1d156598eb8edcc6670ed89a1a3a7749b4dbfbf6d5a5c1ce1726db6f369a929c8c89ecf8e1bd3670baa4a0038df59d75ffdce94cabd6531a5
SSDEEP

96:inxAtAdK5mEl6c/jRF7+vaXpZWJciQEvAJq8ImnDzNt:yWtAdKMEH/3maZEd7w1F

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

95.211.104.253:2255

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfcbb6472cac07ea138379578d80845b_JaffaCakes118

Files

cfcbb6472cac07ea138379578d80845b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\administrator\documents\visual studio 2015\Projects\ConsoleApplication5\ConsoleApplication5\obj\Release\ConsoleApplication5.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ