metasploit | 11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa

Sharing

Copy URL

Twitter E-mail

General

Target

11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa
Size

58KB
MD5

9329985551d50c0a858d50668f714774
SHA1

b0346c80e1343c9060ad52360fe57ada0860ea9f
SHA256

11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa
SHA512

30d06dd4badbe5c44829a8b64e772637d852e2d933781f6bf06705186d3e430b994e674746969b36b18e8fcba3bfed8705c3f7ce7cfff61219a0f169a068bf31
SSDEEP

1536:PlN38p+7M1UX39mHHQTq1RV57ea4EfVlOa5Cyj:Pl57fXC1RV57efEfz5Cyj

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Files

11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa
.exe windows x86

9af0cbae0c5fff13955e7a346179c09c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
TerminateProcess
SetFileAttributesA
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetModuleFileNameA
GetModuleHandleA
ExitProcess
GetTempPathA
GetVersionExA
GetTickCount
WaitForSingleObject
GetLastError
ExpandEnvironmentStringsA
CreateThread
lstrcmpiA
ExitThread
QueryPerformanceCounter
QueryPerformanceFrequency
CreateProcessA
WriteFile
CreateFileA
GetLocaleInfoA
LoadLibraryA
GetProcAddress
Module32Next
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
GetCurrentProcess
ReleaseMutex
CreateMutexA
TerminateThread
GetFileAttributesA
CopyFileA
ReadFile
SetFilePointer
lstrlenA
GetFileSize
GetSystemTime
GlobalFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TransactNamedPipe
OpenProcess
ReadProcessMemory
CloseHandle
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoA
InterlockedDecrement
Sleep

user32

FindWindowA
keybd_event
BlockInput
CloseClipboard
ShowWindow
EmptyClipboard
OpenClipboard
VkKeyScanA
SetFocus
SetForegroundWindow
SendMessageA
GetWindowTextA
FindWindowExA
IsWindow
CharLowerA
IsWindowVisible
SetClipboardData

msvcrt

_CxxThrowException
wcslen
_controlfp
__set_app_type
__p__fmode
__p__commode
memset
strstr
strcat
strcmp
getchar
strcpy
_strlwr
strrchr
_snprintf
rand
srand
atoi
strncpy
sprintf
strncat
strlen
strchr
memcpy
free
malloc
_vsnprintf
??2@YAPAXI@Z
__CxxFrameHandler
strtok
memcmp
_except_handler3
sscanf
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
??1type_info@@UAE@XZ

advapi32

RegCloseKey
GetUserNameA
RegCreateKeyExA
RegSetValueExA

ws2_32

WSAStartup
closesocket
sendto
socket
ioctlsocket
connect
WSACleanup
WSASocketA
setsockopt
htons

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
SysFreeString
VariantClear
GetErrorInfo
SysAllocString

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

9af0cbae0c5fff13955e7a346179c09c

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

advapi32

ws2_32

ole32

oleaut32

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 15KB - Virtual size: 290KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 15KB - Virtual size: 290KB