metasploit | JaffaCakes118_dbe7cdd62aaf7dcb315b4c0267a6c7add37b1c16d41f13f769193195fb7fb2e7

General

Target

JaffaCakes118_dbe7cdd62aaf7dcb315b4c0267a6c7add37b1c16d41f13f769193195fb7fb2e7
Size

3KB
MD5

e1bf08b3204acab486edf389bf7b5fb3
SHA1

3eaebe8ef14eed87fddb83a54fb446dd996c0eff
SHA256

dbe7cdd62aaf7dcb315b4c0267a6c7add37b1c16d41f13f769193195fb7fb2e7
SHA512

a8bd401dca39d5ec2a6215c538e23226bc7c2dc814a9859a1ac48825dc342d33c20edc1c61ac580b42b28b5bbd13fc795446e6f0e346677b31fe8e350aa2dff6

Score

10^/10

metasploit

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/reverse_tcp

C2

104.244.78.10:443

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/calc.bin

JaffaCakes118_dbe7cdd62aaf7dcb315b4c0267a6c7add37b1c16d41f13f769193195fb7fb2e7
.zip

Password: infected
calc.bin
.exe windows:4 windows x86 arch:x86

f9ade0aa18f660a34a4fa23392e21838

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess

Sections

.text
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE