metasploit | e435b6f60ed68fe29ad76ba055220264_JaffaCakes118 | Triage

Sharing

General

Target

e435b6f60ed68fe29ad76ba055220264_JaffaCakes118
Size

600KB
MD5

e435b6f60ed68fe29ad76ba055220264
SHA1

b9717d62e82e0f85a94672fd033e63ab876a7e61
SHA256

e626e340cf2cdd3e55b21b122056d3f3ef880bcffcef4abc0659ff48d3eb3f4d
SHA512

571ef5cc5d2c3a017ccfcbb52892b4c7946b6df2161dd3f24408bb8b8d55a9a91b6c68a1377f884cf28b71d21fe7aa637b361deda98a011cfa0e1c4f55bf237b
SSDEEP

12288:OtGXSmp9GRnlPQk04nQGWPv9p0Ijqfh3CfjRhNXXUtGSvCEafw:H+IkTQVnf0eq5hGS6Eyw

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e435b6f60ed68fe29ad76ba055220264_JaffaCakes118

Files

e435b6f60ed68fe29ad76ba055220264_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 734KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zwt
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE