metasploit | bd620a5eed2401cbcc432dedefa54e5cba1eff731375aef729c73e25b54794c1

Sharing

Copy URL

Twitter E-mail

General

Target

bd620a5eed2401cbcc432dedefa54e5cba1eff731375aef729c73e25b54794c1
Size

28KB
MD5

353f5b88473fcaf6f76cfa11c868aac0
SHA1

38be0a845080e71b723cdf2188fbf39aaed42ff5
SHA256

bd620a5eed2401cbcc432dedefa54e5cba1eff731375aef729c73e25b54794c1
SHA512

f92ab042d4e5b1c14356fdb2b8878752d707b3d70addb40863d3c7a2240156c37db7561b4e03a77b2c4d6a725ed6b9b801f22c618aa7068c310bef97c7dd4b7d
SSDEEP

768:eNFnBPpwje6FNLhHKRgR3FtWaMYOR9q4xXEse:4nBT6FNLhHEm1tWhYM9quX9

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://182.61.26.130:889/9rpA

Attributes

headers User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Signatures

Metasploit family
metasploit

Files

bd620a5eed2401cbcc432dedefa54e5cba1eff731375aef729c73e25b54794c1
.dll windows x86

3ae1a9aa6ebd70dde2ca47cdd5dcebba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140

ord1509

kernel32

CreateFileA
WriteFile
CloseHandle
CreatePipe
CreateProcessA
VirtualAlloc
FreeResource
GetModuleHandleA
LoadResource
LockResource
SizeofResource
GetStartupInfoA
FindResourceA
GetLastError
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
OutputDebugStringW

wininet

InternetConnectA
InternetOpenA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle

dnsapi

DnsQuery_A
DnsFree

ws2_32

inet_ntoa

vcruntime140

memcpy
__std_type_info_destroy_list
_except_handler4_common
memset

api-ms-win-crt-string-l1-1-0

strcat_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
exit
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

??0Cwwlib@@QAE@XZ
??4Cwwlib@@QAEAAV0@$$QAV0@@Z
??4Cwwlib@@QAEAAV0@ABV0@@Z
?fnwwlib@@YAHXZ
?nwwlib@@3HA
FMain
wdCommandDispatch
wdGetApplicationObject

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

3ae1a9aa6ebd70dde2ca47cdd5dcebba

Headers

DLL Characteristics

File Characteristics

Imports

mfc140

kernel32

wininet

dnsapi

ws2_32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1008B

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 1024B - Virtual size: 520B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1008B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 1024B - Virtual size: 520B