metasploit | fa3d0ac17f308e88d9f2291749790461_JaffaCakes118

General

Target

fa3d0ac17f308e88d9f2291749790461_JaffaCakes118
Size

5KB
MD5

fa3d0ac17f308e88d9f2291749790461
SHA1

e5f9412b346b3fe42390c34bc0aa44394446ca05
SHA256

77793c58346aa552baef144439e29876a8b78c12ef6964699bad63448c2a4efe
SHA512

feab0b362d13745371e87c41bcdbd2008b8a6ed2068aec45c10549e5fdbea64159fe8200ef7b4451c1dd07c05b4a2db659003fc2d59344465e27c72a3e59eec9
SSDEEP

48:6e3oxJYVORUF4RbIr5knJPlvuLB114/WTJkio9:hcRUSf4p4eVto

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.244.131:12345

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa3d0ac17f308e88d9f2291749790461_JaffaCakes118

Files

fa3d0ac17f308e88d9f2291749790461_JaffaCakes118
.dll windows:1 windows x86 arch:x86

dd3e4671a94e5f863a9ffca69e764e25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetLastError
HeapAlloc
HeapCreate
RtlUnwind
VirtualProtect
CreateThread

user32

MessageBoxA

crtdll

_fdopen
_open_osfhandle
_sleep
fclose
_cexit
malloc
memcpy
raise
setbuf

Exports

Exports

LibMain
install

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 492B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 700B - Virtual size: 700B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

dd3e4671a94e5f863a9ffca69e764e25

Headers

File Characteristics

Imports

kernel32

user32

crtdll

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 492B - Virtual size: 492B

.idata Size: 700B - Virtual size: 700B

.reloc Size: 156B - Virtual size: 156B

.edata Size: 88B - Virtual size: 88B

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 492B - Virtual size: 492B

.idata
Size: 700B - Virtual size: 700B

.reloc
Size: 156B - Virtual size: 156B

.edata
Size: 88B - Virtual size: 88B