Extracted

• • Target

    dc5d7997b5cbfce988a89644b844165c_JaffaCakes118

  • Size

    444KB

  • MD5

    dc5d7997b5cbfce988a89644b844165c

  • SHA1

    da1c2dee0eb7c90ba2db3ddd8a0022a7ae57ff80

  • SHA256

    7762352cca03d589ff9b6feb9f6cd82b8be53a25b35ac6acc03a3454c7c0f298

  • SHA512

    4ec1efb507d2514cb955a247e3ef87c252ed7266ecabd8a595ddc33ba99f1e7bef4dc6c2ffc75f4865c897ff7823a924885622ea6d2ab5faa620621eb61a5c1e

  • SSDEEP

    12288:kzYwKuEYUhoMO+xxmYrkwDDV69LMuo+DAX:MsZYUhoM/LmKotv0

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2