metasploit | 42584a66eedbdf91d8dc25f01e6761d0_JaffaCakes118 | Triage

Sharing

General

Target

42584a66eedbdf91d8dc25f01e6761d0_JaffaCakes118
Size

7KB
MD5

42584a66eedbdf91d8dc25f01e6761d0
SHA1

794469638f3f5bd891a19cdc776e25e4f07ddfbb
SHA256

1ab2a38dc1c50a0abdda98364c62422fcc918beff8541fb7c2f0edbf8785267d
SHA512

b71919ef008b5116a8fa8d6e534302945844ec5ca20ebe80f320fd5a40c72cbc14ae86632d40dd0031ef013d937584e6b0a063ea2d7cf7b2c0f07ae7d2ce830d
SSDEEP

192:BFjYzGE/3tT/hi8SaSzedFiPNhk1eCXiwtVq7frWVfRqhw6FjchP4oyn:lE/3t/8LaJKNh9qVf0h6N4

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42584a66eedbdf91d8dc25f01e6761d0_JaffaCakes118

Files

42584a66eedbdf91d8dc25f01e6761d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c44db93296ffa64a1e58bd819a6d140

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_XcptFilter
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
system
sprintf
printf
_snprintf
__p__commode
malloc

kernel32

CreateThread
ExitThread
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection

ws2_32

closesocket
recv
send
connect
htons
inet_addr
socket
WSAStartup
gethostbyname
gethostname

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE