Static task
static1
Behavioral task
behavioral1
Sample
03f5871cfc4eb2d02a954312eef2e41d0218fbd90dc4c5e0d27e6442e632a6a6.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
03f5871cfc4eb2d02a954312eef2e41d0218fbd90dc4c5e0d27e6442e632a6a6.exe
Resource
win10v2004-20220414-en
General
-
Target
03f5871cfc4eb2d02a954312eef2e41d0218fbd90dc4c5e0d27e6442e632a6a6
-
Size
1.5MB
-
MD5
61adcc8b5d933350e63d4d746c6aa7fa
-
SHA1
0c5b69a1fc0262fe028b5042e0ce5c0edd9152d9
-
SHA256
03f5871cfc4eb2d02a954312eef2e41d0218fbd90dc4c5e0d27e6442e632a6a6
-
SHA512
16d4a865f796194e0967980aa2ef879744168c9c65b553e2cdf766cb640dacba742798a05ae6be028a0ac908a5e073bfde9de4dfb9fa9f099317cfecf1fc3be2
-
SSDEEP
6144:FxHVOTfuVLbBUpuyVMbsJ4qNporbwOj8q/BBFrHMObAnTjy6Vgg1hD46NporbwOb:vVbtBUpuyV71e1
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
Metasploit family
Files
-
03f5871cfc4eb2d02a954312eef2e41d0218fbd90dc4c5e0d27e6442e632a6a6.exe windows x86
6bccd2c01c60770e0aec3a24b3935354
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
kernel32
GetTickCount
QueryPerformanceFrequency
GetCommandLineW
MulDiv
GetModuleHandleW
FindResourceW
SizeofResource
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetSystemInfo
GetVersionExA
IsProcessorFeaturePresent
GetProcAddress
OutputDebugStringA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
Sleep
LockResource
LoadResource
LoadLibraryA
gdi32
SelectObject
CreateBitmap
CreateCompatibleDC
GetStockObject
GetDIBits
SetBkColor
SetTextColor
BitBlt
DeleteObject
DeleteDC
ExcludeClipRect
CreateFontW
GetDeviceCaps
user32
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
DefWindowProcW
KillTimer
SetTimer
EndPaint
BeginPaint
SetCursor
UnionRect
SetWindowPos
FillRect
SystemParametersInfoW
DrawTextW
ScreenToClient
InvalidateRect
UpdateWindow
SetRect
LoadCursorW
LoadIconW
RegisterClassW
AdjustWindowRect
CreateWindowExW
GetClientRect
EnumDisplaySettingsW
IntersectRect
OffsetRect
LoadStringW
GetDC
EnumDisplayMonitors
PeekMessageW
SystemParametersInfoA
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SetRectEmpty
MessageBoxW
msvcrt
rand
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
srand
time
_ftol2_sse
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_ftol2
_CIsqrt
__p__commode
__p__fmode
__set_app_type
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
_CIatan2
_CIsin
_finite
memcpy
iswdigit
_CIacos
qsort
_vsnwprintf
_wtol
_purecall
?terminate@@YAXXZ
comctl32
ord344
InitCommonControlsEx
ole32
CoInitializeEx
CoUninitialize
d3d9
Direct3DCreate9
winmm
timeGetTime
Sections
.text Size: 129KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 675KB - Virtual size: 675KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 675KB - Virtual size: 675KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ