metasploit | JaffaCakes118_7e6494c66aec5df8b670912319e188d42cbba3ef3103fa6125898704930b5c0c | Triage

Sharing

General

Target

JaffaCakes118_7e6494c66aec5df8b670912319e188d42cbba3ef3103fa6125898704930b5c0c
Size

5KB
MD5

2e7010d0c46d59952e3282cea8b719fc
SHA1

6743bd305a5f43bc061286db1f9397b18e1917f6
SHA256

7e6494c66aec5df8b670912319e188d42cbba3ef3103fa6125898704930b5c0c
SHA512

76b2e42af687146cbb9c624323a82e41ca67a4a56cdd081cd0502968e7615ac64ebb6b0453011c4386601e876505082af0ac766440c8b9d4d4341c39bb333bdb
SSDEEP

24:ev1GSFGFajE/K3tQ3zSaJ2IkM6Pv617s3h/LjpKpuMA6CuvhIAND/sa:qFGFajFK3zSIe7h/TMpCuvxNrsa

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_bind_tcp

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7e6494c66aec5df8b670912319e188d42cbba3ef3103fa6125898704930b5c0c

Files

JaffaCakes118_7e6494c66aec5df8b670912319e188d42cbba3ef3103fa6125898704930b5c0c
.dll windows:6 windows x86 arch:x86

22647e5b96f2de81d003f25d98d7d2dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory

Sections

.text
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ