main
General
-
Target
8013616139.zip
-
Size
134KB
-
MD5
1d4aa4cd08eb8815531c751d6f1809a9
-
SHA1
ce5f45163a469cdbe14c01ee401d6803ebb2857a
-
SHA256
ab45cbc07d7bc35bd40dae8aaf41824dea8cd1175b41bb45b1648a721d6e3c33
-
SHA512
a2027f49323cc080bdea9083aabcbfaab4ddd23da7f82bfe9251f6a6263fe22a5715b66e07a8c643bcd5882cff2d32edabc88d722a8d53f129c9ba0725e6b674
-
SSDEEP
3072:TrmLGCY5CwdHHYv5sqzmJuwxmS/xEFPdeGS5FfVSqaLzyLpyhqM:2LGCY51dH4vBmJxPxOPde35FtSTuLTM
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
ps1.dropper
http://128.199.6.246/fgt.dll
Extracted
Family
metasploit
Version
windows/reverse_tcp
C2
128.199.6.246:3432
Extracted
Family
metasploit
Version
encoder/call4_dword_xor
Signatures
-
Metasploit family
Files
-
8013616139.zip.zip
Password: infected
-
2b1a82e666b8e418cbcb25ca8ddcc7858ac78454956f0296db14cb13e4e73ca2.zip
Password: infected
-
DLL.dll.dll windows x86
Password: infected
da7a59a5f49c9d3c43022a76c2933a90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAlloc
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
GetCurrentThreadId
GetProcAddress
msvcp140d
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
vcruntime140d
memcpy
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memset
_except_handler4_common
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove
ucrtbased
_wsplitpath_s
wcscpy_s
_initterm_e
terminate
_CrtDbgReport
strlen
_invalid_parameter
_wmakepath_s
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
malloc
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
__stdio_common_vsprintf_s
strcpy_s
strcat_s
_callnewh
_initterm
_free_dbg
_CrtDbgReportW
_initialize_onexit_table
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 512B - Virtual size: 305B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 806B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
drc.ps1
-
fg.exe.exe windows x86
Password: infected
481f47bbb2c9c21e108d65f52b04c448
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_iob
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
strrchr
wcsncmp
_close
wcslen
wcscpy
strerror
modf
strspn
realloc
__p__environ
__p__wenviron
_errno
free
strncmp
strstr
strncpy
_ftol
qsort
fopen
perror
fclose
fflush
calloc
malloc
signal
printf
_isctype
atoi
exit
__mb_cur_max
_pctype
strchr
fprintf
_controlfp
_strdup
_strnicmp
kernel32
PeekNamedPipe
ReadFile
WriteFile
LoadLibraryA
GetProcAddress
GetVersionExA
GetExitCodeProcess
TerminateProcess
LeaveCriticalSection
SetEvent
ReleaseMutex
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetFileType
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW
TlsAlloc
TlsFree
DuplicateHandle
GetCurrentProcess
SetHandleInformation
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
FormatMessageA
GetLastError
WaitForSingleObject
CreateEventA
SetStdHandle
SetFilePointer
CreateFileA
CreateFileW
GetOverlappedResult
DeviceIoControl
GetFileInformationByHandle
LocalFree
advapi32
FreeSid
AllocateAndInitializeSid
wsock32
getsockopt
connect
htons
gethostbyname
ntohl
inet_ntoa
setsockopt
socket
closesocket
select
ioctlsocket
__WSAFDIsSet
WSAStartup
WSACleanup
WSAGetLastError
ws2_32
WSARecv
WSASend
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
fgt.dll.dll windows x86
Password: infected
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorDllMain
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
inj.dll.dll windows x86
Password: infected
ade5176debf3e13f9afa2c850ca3064e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
TlsGetValue
VirtualAlloc
VirtualProtect
VirtualQuery
msvcrt
__dllonexit
_errno
_iob
abort
calloc
fflush
free
fwrite
malloc
memcpy
vfprintf
libgcc_s_dw2-1
__deregister_frame_info
__register_frame_info
Exports
Exports
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 100B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 63B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/14 Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/29 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/41 Size: 512B - Virtual size: 303B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/55 Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/67 Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
inject.dll.dll windows x86
Password: infected
62a2447a5b08ce184684863ad9b90b89
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
TlsGetValue
VirtualAlloc
VirtualProtect
VirtualQuery
msvcrt
__dllonexit
_errno
_iob
abort
calloc
fflush
free
fwrite
malloc
memcpy
vfprintf
libgcc_s_dw2-1
_Unwind_Resume
__deregister_frame_info
__register_frame_info
libstdc++-6
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
_ZNSaIcEC1Ev
_ZNSaIcED1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEj
__gxx_personality_v0
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 100B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 51B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/14 Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/29 Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/41 Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/55 Size: 512B - Virtual size: 343B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
t.exe.exe windows x86
Password: infected
481f47bbb2c9c21e108d65f52b04c448
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_iob
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
strrchr
wcsncmp
_close
wcslen
wcscpy
strerror
modf
strspn
realloc
__p__environ
__p__wenviron
_errno
free
strncmp
strstr
strncpy
_ftol
qsort
fopen
perror
fclose
fflush
calloc
malloc
signal
printf
_isctype
atoi
exit
__mb_cur_max
_pctype
strchr
fprintf
_controlfp
_strdup
_strnicmp
kernel32
PeekNamedPipe
ReadFile
WriteFile
LoadLibraryA
GetProcAddress
GetVersionExA
GetExitCodeProcess
TerminateProcess
LeaveCriticalSection
SetEvent
ReleaseMutex
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetFileType
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW
TlsAlloc
TlsFree
DuplicateHandle
GetCurrentProcess
SetHandleInformation
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
FormatMessageA
GetLastError
WaitForSingleObject
CreateEventA
SetStdHandle
SetFilePointer
CreateFileA
CreateFileW
GetOverlappedResult
DeviceIoControl
GetFileInformationByHandle
LocalFree
advapi32
FreeSid
AllocateAndInitializeSid
wsock32
getsockopt
connect
htons
gethostbyname
ntohl
inet_ntoa
setsockopt
socket
closesocket
select
ioctlsocket
__WSAFDIsSet
WSAStartup
WSACleanup
WSAGetLastError
ws2_32
WSARecv
WSASend
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ