metasploit | 0e1aa5bb7cdccacfa8cbfe1aa71137b361bea04252fff52a9274b32d0e23e3aa

Sharing

Copy URL

Twitter E-mail

General

Target

0e1aa5bb7cdccacfa8cbfe1aa71137b361bea04252fff52a9274b32d0e23e3aa
Size

304KB
MD5

212e208c9346bc876f03a3ea898b6236
SHA1

14f2b841f1fed067aad3e13007f9746fa0c26a56
SHA256

0e1aa5bb7cdccacfa8cbfe1aa71137b361bea04252fff52a9274b32d0e23e3aa
SHA512

298da93e147a4336610b550d49bce4a2defd30ec1a7839accd0d785da417e9a649972c75249c355fa77d1ec462fa4a97c132880d96f06a4d92f1f8c0e0bd4216
SSDEEP

6144:RCElzEuYJSuIznnP7cgDXAfnY4EpseVcWmO2yTw80WoABqzMoRXZWd2:RCA4uLnpqEpcWmO2yTw8EFZ

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

http://powershell.services:4443/gcG5TQhfRGHOuc-4kU_xsgS9Ttm6bUAjWnQGwohZ1G1OxNjG_NSVrE0AWjeqsBjNIDQQPEqA5DHxmlZxjkDzDI

Signatures

Metasploit family
metasploit

Files

0e1aa5bb7cdccacfa8cbfe1aa71137b361bea04252fff52a9274b32d0e23e3aa
.exe windows x86

58e6707dda8020468bb8f9a4f9194e0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
RegCreateKeyA
RegSetValueExA

user32

MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
FindWindowA
GetForegroundWindow
GetCapture
GetClipboardOwner
GetQueueStatus
GetCursorPos

kernel32

SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
InterlockedExchange
RtlUnwind
GetLocaleInfoA
SetFilePointer
GetCPInfo
GetOEMCP
GetTickCount
ReadFile
SetConsoleMode
GetConsoleMode
GetStdHandle
WriteFile
FreeLibrary
LoadLibraryA
GetProcAddress
CloseHandle
SetEvent
GetOverlappedResult
WaitForSingleObject
GetLastError
CreateEventA
CreateThread
GetVersionExA
GetSystemDirectoryA
FormatMessageA
GetSystemTimeAdjustment
GetSystemTime
GetProcessTimes
GetCurrentProcess
GetThreadTimes
GetCurrentThread
GlobalMemoryStatus
QueryPerformanceCounter
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
LocalFree
LocalAlloc
OpenProcess
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetCurrentThreadId
GetFileType
CreateProcessA
SetHandleInformation
CreatePipe
ClearCommBreak
SetCommTimeouts
SetCommState
GetCommState
CreateFileA
SetCommBreak
DeleteFileA
GetEnvironmentVariableA
GetLocalTime
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleA
TerminateProcess
GetSystemTimeAsFileTime
GetCommandLineA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
FlushFileBuffers
WideCharToMultiByte
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetACP

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

58e6707dda8020468bb8f9a4f9194e0a

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.text Size: 216KB - Virtual size: 214KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 5KB