metasploit | 1761018eeaea7c9084b2e321775a81c6_JaffaCakes118

General

Target

1761018eeaea7c9084b2e321775a81c6_JaffaCakes118
Size

17KB
MD5

1761018eeaea7c9084b2e321775a81c6
SHA1

e079d20bfc0b21fd063eaabbf7a8678ae92174bf
SHA256

b83564d15f58c928fb7c69c2396ecaf4b2f2983f8d5ca4052fc5fa1f00d709fe
SHA512

b3915bccf6dedc7ad82893ffb8ac6dfa644b1ce0338375862bb684fcd8247418263081e44a34959bc576a25c059aaf8c321da27e3f16bea91343530729983d6b
SSDEEP

192:hIA/CJwTieIHmYZzneiW7FqIOzZDWNPPMiwvXZFgeroC4V:6QCJwuxmCKiWwI4DWdMzBqerfi

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

10.10.10.136:443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1761018eeaea7c9084b2e321775a81c6_JaffaCakes118

Files

1761018eeaea7c9084b2e321775a81c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1470a0ba50e09d10917bc409c9f0af94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
fwrite
malloc
memcpy
memset
signal
vfprintf

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 196B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

1470a0ba50e09d10917bc409c9f0af94

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 620B

.rdata Size: 512B - Virtual size: 364B

.bss Size: - Virtual size: 196B

.idata Size: 1024B - Virtual size: 724B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 620B

.rdata
Size: 512B - Virtual size: 364B

.bss
Size: - Virtual size: 196B

.idata
Size: 1024B - Virtual size: 724B