Extracted

• • Target

    26e33a11e1ffa408922c851e218c5de0_JaffaCakes118

  • Size

    92KB

  • MD5

    26e33a11e1ffa408922c851e218c5de0

  • SHA1

    a9e5aa65590d015009dc27889c79fab8f87ec4ca

  • SHA256

    e3d38fb1aac30b1a8385cea8a54baed3f4e91e24a2b9268788a88fc191852f87

  • SHA512

    6d3add5efc085bc85a7a80803a4fd2199546eb8cc885e0650352976645774d86373c476aa5bd3235924eb18060a4dcb4073b5ac4a169310dbf706e4226f6acee

  • SSDEEP

    1536:iSquE20GQ1iScNzs3WspqWKlUNpchN2sqyNmIewqOhz93NvWv39rby8OBcvf:lCcNXJcNyhYXIBpJ35ih28XH

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2