metasploit | 41371f62de279d71243adc0e7dd7576007c2c4facff16def41c82fe638cb6fbe

Sharing

Copy URL

Twitter E-mail

General

Target

41371f62de279d71243adc0e7dd7576007c2c4facff16def41c82fe638cb6fbe
Size

104KB
MD5

99c15bb766322e35b3828db58c710825
SHA1

155a00446e0ac182e5c43280fc158307b119725b
SHA256

41371f62de279d71243adc0e7dd7576007c2c4facff16def41c82fe638cb6fbe
SHA512

db7de8d5a991a113c99e4b9afcec215b147949501b27ef730f8cc7f46901d3493b5eb577beeac62189e92b166d334593a9ef35ea466c07a55a5c15444e629088
SSDEEP

384:BEsh9I7mbooJBgwrgjIhXgAH0x199Sjvb99Sjvh:X9I7mZ3gwrvXgzF9Sbh9Sb

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://81.68.122.239:443/1Pfu

Signatures

Metasploit family
metasploit

Files

41371f62de279d71243adc0e7dd7576007c2c4facff16def41c82fe638cb6fbe
.exe windows x86

a79bc9eb75ef3ed28ac8237954edde3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertEnumSystemStore

kernel32

VirtualAlloc
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

user32

RegisterClassExW
EndDialog
CreateWindowExW
DestroyWindow
DefWindowProcW
GetMessageW
ShowWindow
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
LoadStringW
LoadIconW
LoadCursorW
LoadAcceleratorsW
EndPaint
BeginPaint
UpdateWindow
DialogBoxParamW
PostQuitMessage

vcruntime140

memset
__current_exception_context
_except_handler4_common
__current_exception

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfprintf
__acrt_iob_func
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_seh_filter_exe
_crt_atexit
_controlfp_s
terminate
_set_app_type
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_configure_wide_argv
_exit
exit
_initterm_e
_get_wide_winmain_command_line
_initialize_wide_environment
_initterm

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

a79bc9eb75ef3ed28ac8237954edde3f

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 512B - Virtual size: 456B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 512B - Virtual size: 456B