metasploit | f5cb35d4f4eee25573e052faacbda8c3014a8cd1cdc0c465db328374f35c8aa0

Sharing

Copy URL Twitter E-mail

General

Target

f5cb35d4f4eee25573e052faacbda8c3014a8cd1cdc0c465db328374f35c8aa0
Size

758KB
MD5

35a603ffb47f57dc979c2fd9c41fcd51
SHA1

27dfa98ed561f83aabc2e0b36aca6e94a0ad3363
SHA256

f5cb35d4f4eee25573e052faacbda8c3014a8cd1cdc0c465db328374f35c8aa0
SHA512

5abcc3fc5f29ce1a9ff15f33378a0a209cc2ef4796342a69c439cad24651a8f05e5cd308f9cd8bc29f2cdcf117dc74b940411d35cd5c503d25d5f8813a249a36
SSDEEP

12288:gCHDv1ruE7tQyN/23hu1Jrn7CyAITNWHeGL7GOKtR:JvJuqDc3hu7rn7CWWodz

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

1.16.5.62:4444

Signatures

Metasploit family
metasploit

Files

f5cb35d4f4eee25573e052faacbda8c3014a8cd1cdc0c465db328374f35c8aa0
.exe windows x86

f93b5d76132f6e6068946ec238813ce1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellAboutW
ord165
ShellExecuteExW

shlwapi

ord225

gdiplus

GdipDrawLineI
GdipDrawArcI
GdipFillRectangleI
GdipCloneBrush
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetPageUnit
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegGetValueW
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegCreateKeyExW
RegCloseKey
EventWrite
EventUnregister
EventRegister

oleaut32

SysAllocString
SysStringLen
VariantInit
SysAllocStringByteLen
SysFreeString
VariantClear

uxtheme

IsThemeActive

ole32

CoInitialize
CoUninitialize
CoCreateInstance

comctl32

ImageList_Destroy
ImageList_Add
ImageList_Create
ord413
CreatePropertySheetPageW
PropertySheetW
ord380
ord410
ord392

ntdll

WinSqmAddToStreamEx
WinSqmIncrementDWORD
WinSqmAddToStream
NtQueryLicenseValue
RtlInitUnicodeString

kernel32

lstrlenA
WideCharToMultiByte
GetStartupInfoA
OutputDebugStringA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleW
GetSystemTime
SetEvent
CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
ResetEvent
lstrcmpW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
MulDiv
GlobalFindAtomW
GetLastError
InterlockedDecrement
MultiByteToWideChar
GetLocalTime
GetLocaleInfoW
GetDateFormatW
InterlockedIncrement
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
GetLocaleInfoEx
GetProcAddress
LoadLibraryW
FreeLibrary
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExW
InterlockedExchange
FreeLibraryAndExitThread
GetFileAttributesW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
IsWow64Process
GetCurrentProcess
GetModuleFileNameW
LocalFree
LocalReAlloc
LocalAlloc
GetProfileStringW
lstrlenW
CompareStringW
ApplicationRecoveryInProgress
Sleep
ApplicationRecoveryFinished
RegisterApplicationRecoveryCallback
RegisterApplicationRestart
CompareFileTime
SystemTimeToFileTime
GetTempFileNameW
FileTimeToSystemTime
DeleteFileW
CreateFileW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapDestroy
HeapReAlloc
HeapSize
RaiseException

user32

GetSysColor
SetClassLongW
GetClassLongW
DrawMenuBar
SetMenuItemInfoW
AppendMenuW
RemoveMenu
GetSubMenu
GetWindowLongW
InsertMenuItemW
SetWindowLongW
IsWindowEnabled
PostMessageW
CharNextA
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
GetMenuState
IsClipboardFormatAvailable
DefWindowProcW
InvalidateRect
PostQuitMessage
GetFocus
DispatchMessageW
TranslateMessage
GetMessageExtraInfo
TranslateAcceleratorW
GetMessageW
SetForegroundWindow
SetWindowPlacement
RegisterClassExW
DrawTextW
ReleaseDC
GetDC
GetSystemMetrics
EnumChildWindows
SetPropW
GetMenu
CheckRadioButton
UpdateWindow
SendDlgItemMessageW
IsDlgButtonChecked
MoveWindow
GetDlgItemInt
SetDlgItemInt
CheckMenuItem
GetNextDlgTabItem
OffsetRect
GetMonitorInfoW
MonitorFromWindow
CopyRect
IntersectRect
EnumDisplayMonitors
EqualRect
MonitorFromRect
GetClassWord
EnumDesktopWindows
GetProcessDefaultLayout
CreateDialogParamW
TrackPopupMenu
CreatePopupMenu
GetAncestor
FindWindowW
EndDialog
EnableMenuItem
DestroyWindow
MapWindowPoints
GetClassNameW
GetDlgItem
GetWindowRect
SetWindowPos
SendMessageW
LoadCursorW
SetCursor
GetKeyState
IsDialogMessageW
LoadAcceleratorsW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
SetFocus
LoadStringW
SetWindowTextW
GetParent
GetClientRect
ShowWindow
GetWindowPlacement
LoadImageW
UnregisterClassA
FillRect
CheckMenuRadioItem
CreateWindowExW
MessageBeep
SystemParametersInfoW
DialogBoxParamW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

winmm

timeGetTime

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

gdi32

EqualRgn
CreateDIBSection
DeleteObject
DeleteDC
GetTextExtentPointW
CreateFontIndirectW
CreateCompatibleDC
GetDeviceCaps
GetRgnBox
CreateSolidBrush
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
LineTo
MoveToEx
ExtCreatePen
CreateCompatibleBitmap
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
SelectObject
CreatePatternBrush
SetTextColor
SetBkMode
GetStockObject
SetBkColor

msvcrt

wcsncmp
_wcsnicmp
iswdigit
_wcslwr_s
iswalpha
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
localeconv
memchr
strcspn
sprintf_s
_strtoi64
_strtoui64
_wcsdup
_i64tow_s
_wtoi64
wcsrchr
wcstoul
isalpha
time
difftime
memmove
_callnewh
__pctype_func
___lc_codepage_func
___lc_handle_func
_itow_s
___mb_cur_max_func
setlocale
__crtGetStringTypeW
__crtLCMapStringW
__mb_cur_max
tolower
isspace
abort
isalnum
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
__uncaught_exception
_except_handler4_common
_controlfp
_wtoi
_itoa
calloc
wcschr
_wcsicmp
_vsnwprintf
memcpy
wcscat_s
wcstol
wcscpy_s
exit
mbstowcs_s
toupper
isxdigit
isdigit
_ftol2_sse
memset
_ftol2
malloc
_purecall
free
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
__CxxFrameHandler3
_errno
_wcsrev

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

f93b5d76132f6e6068946ec238813ce1

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

gdiplus

advapi32

oleaut32

uxtheme

ole32

comctl32

ntdll

kernel32

user32

rpcrt4

winmm

version

gdi32

msvcrt

Sections

.text Size: 331KB - Virtual size: 331KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 394KB - Virtual size: 393KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 331KB - Virtual size: 331KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 394KB - Virtual size: 393KB

.reloc
Size: 15KB - Virtual size: 14KB