General

  • Target

    dc2b0342367f39aa1cc4b26788aa0d87_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240912-lklxls1cln

  • MD5

    dc2b0342367f39aa1cc4b26788aa0d87

  • SHA1

    842450ef62e58afff3b53acff4651d113431c32f

  • SHA256

    439616d95562533c1a605c03e7a9e89365d386fe5d0f20ac60ebfb054b6d1c2c

  • SHA512

    1a72d8d98b6c9cac23b42b5817afac911cf34b914eadc7d7b53ee4ff760a1a7fb1e5de95786a8f95b3c06c3bbcbd9d82a3bf48fada0f08729404951b93e741f9

  • SSDEEP

    49152:KqIBwxHE3gfNI6UrjBx+3TYPr/rfw/sFqwBFoyQO8N9VUpSJTHQMPa4:KqIBwxH+gezlx+jKr/bLowBFTQOC9Hu

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
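
The encoder named above is Metasploit's x86 "call $+4 dword XOR" encoder: the payload is XORed dword by dword with one constant 4-byte key, and a short decoder stub in front of it recovers EIP with a call to the next instruction, pops it into ESI and XORs [ESI+0xe] forward in a loop. The script below is an added example, not code from this report or from the Metasploit Framework. It hunts for the stub's constant byte sequence, reads the key out of the xor instruction and emulates the decode. The stub bytes are taken from the encoder module's known output (e8 ff ff ff ff c0 5e 81 76 0e KEY 83 ee fc e2 f4); the ECX set-up that precedes the stub varies with the bad-character list, so the script does not depend on it. The demo payload, key and the xor ecx,ecx / sub ecx,-10 prefix are constructed for the example.

```python
"""Detect and emulate the Metasploit x86/call4_dword_xor decoder stub.

Added example (not from the Triage report or from Metasploit). Stub layout,
offsets relative to the 'e8' byte:
  +0   e8 ff ff ff ff       call $+4  (rel32 = -1: lands on the trailing ff)
  +4   ff c0                inc eax   (re-decodes the ff the call landed on)
  +6   5e                   pop esi   (esi = return address = offset +5)
  +7   81 76 0e KK KK KK KK xor dword [esi+0x0e], key  (esi+0xe = offset +19)
  +14  83 ee fc             sub esi, -4
  +17  e2 f4                loop -12  (back to the xor until ecx == 0)
  +19  encoded payload, ceil(len/4) dwords, each XORed with the same key
"""
import struct

STUB_HEAD = bytes.fromhex("e8ffffffffc05e81760e")  # constant bytes before the key
STUB_TAIL = bytes.fromhex("83eefce2f4")            # constant bytes after the key
KEY_LEN = 4


def find_stubs(blob: bytes) -> list[int]:
    """Return offsets of every stub head whose tail also matches (detection)."""
    hits, start = [], 0
    while True:
        i = blob.find(STUB_HEAD, start)
        if i < 0:
            return hits
        tail_at = i + len(STUB_HEAD) + KEY_LEN
        if blob[tail_at:tail_at + len(STUB_TAIL)] == STUB_TAIL:
            hits.append(i)
        start = i + 1


def decode_at(blob: bytes, stub_off: int) -> tuple[int, bytes]:
    """Emulate the stub at stub_off; return (key, decoded bytes).

    The dword count lives in the variable ECX set-up in front of the stub, so
    every complete dword after the stub is decoded (the stub's own bytes,
    possibly plus tail padding).
    """
    key_off = stub_off + len(STUB_HEAD)
    key = struct.unpack("<I", blob[key_off:key_off + KEY_LEN])[0]
    payload_off = key_off + KEY_LEN + len(STUB_TAIL)      # == stub_off + 19
    enc = blob[payload_off:]
    enc = enc[: len(enc) - len(enc) % 4]
    out = bytearray()
    for (dw,) in struct.iter_unpack("<I", enc):
        out += struct.pack("<I", dw ^ key)
    return key, bytes(out)


def encode(payload: bytes, key: int) -> bytes:
    """Forward transform (constant-key dword XOR, zero-padded to 4 bytes)."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    return b"".join(struct.pack("<I", dw ^ key)
                    for (dw,) in struct.iter_unpack("<I", padded))


# Constructed demo blob: nop sled, an illustrative ECX set-up
# (31 c9 = xor ecx,ecx ; 83 e9 f6 = sub ecx,-10 -> ecx = 10 dwords), the stub,
# then the encoded 39-byte fake payload. The real msf prefix differs.
DEMO_KEY = 0xDEADBEEF
DEMO_PAYLOAD = b"constructed-demo-payload-not-shellcode!"
DEMO_PREFIX = bytes.fromhex("31c983e9") + struct.pack("b", -10)
DEMO_BLOB = (b"\x90" * 8 + DEMO_PREFIX + STUB_HEAD + struct.pack("<I", DEMO_KEY)
             + STUB_TAIL + encode(DEMO_PAYLOAD, DEMO_KEY))

if __name__ == "__main__":
    for off in find_stubs(DEMO_BLOB):
        k, dec = decode_at(DEMO_BLOB, off)
        print(f"stub at {off:#x}, key {k:#010x}: {dec!r}")
```

On the real sample the stub will not be sitting in the 2.2 MB UPX-packed file as shipped; unpack it first (or dump the dropped EXE/DLL or the hollowed process memory, given the SetThreadContext use flagged below) and run find_stubs over that buffer. The 10-byte head is what detection rules key on, and because the key is constant per dword the decode is a plain XOR, unlike feedback encoders such as shikata_ga_nai.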

Targets

    • Target

      dc2b0342367f39aa1cc4b26788aa0d87_JaffaCakes118

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks