metasploit | fd0601419d4bd825025715b4f636f987_JaffaCakes118

General

Target

fd0601419d4bd825025715b4f636f987_JaffaCakes118
Size

20KB
MD5

fd0601419d4bd825025715b4f636f987
SHA1

728ff9546a44131cb210cfa0a49db630771d5f80
SHA256

327fd0167c1cfdef5aa4a39578c73d98b2847b5075bda17b417056dc2aec89ad
SHA512

c674851ee27bf14107fa2b8006d17fc0453d634d221c3c3c27639bdf4b1c5312e6519fbb637a301ea514d0e77690fc43f29b1b3f66300e804ca3fbfd6270898c
SSDEEP

96:DxmkDiMlCv45kDphvCkEPaBdkDmQbHplOYnpMiuygqHy1YH0jWzpV+lpKC7tlZIt:tmTcCiehqraXWmZAy1CUWb6pl

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

127.0.0.1:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd0601419d4bd825025715b4f636f987_JaffaCakes118

Files

fd0601419d4bd825025715b4f636f987_JaffaCakes118
.exe windows:5 windows x86 arch:x86

369087d6e2e4085b5f6676dfdc368558

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Downloads\SecTests\Debug\shelltest.pdb

Imports

msvcr90d

_exit
_XcptFilter
_cexit
exit
__initenv
_CrtSetCheckCount
_CrtDbgReportW
_initterm
_initterm_e
__getmainargs
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_crt_debugger_hook
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
memset
strlen
memcpy
printf
system

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

369087d6e2e4085b5f6676dfdc368558

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90d

kernel32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 676B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 676B