metasploit | ca378c575c32c4b491ada088160a07b33b62691084f0e4896b701c9f92ff72a1

General

Target

ca378c575c32c4b491ada088160a07b33b62691084f0e4896b701c9f92ff72a1
Size

93KB
MD5

585ef91271a89f14986ef3c935d33650
SHA1

711e1bd8a79fa9312e663163d39c730cf7415bfe
SHA256

ca378c575c32c4b491ada088160a07b33b62691084f0e4896b701c9f92ff72a1
SHA512

172f85c7e5b0645a9cd431873cf8fd8f69707f264551454280778b7a0cf2b1b270ef88d560187f17aab57b7ec90c577720e8507880109612e3804d4c4e4ac763
SSDEEP

1536:9SNssW9z0yr4BcDQX2oooD+AyxArAIVJ9yayZbScAEiag5+LM:dJlrr46QXMmAIq1LiaU+L

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.2.22:4444

Signatures

Metasploit family
metasploit

Files

ca378c575c32c4b491ada088160a07b33b62691084f0e4896b701c9f92ff72a1
.exe windows x86

c86861d7304082407097f39f4401cd08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3

kernel32

GetCommandLineA
GetStartupInfoA
lstrlenW
MultiByteToWideChar
CreateEventA
GetCurrentThreadId
lstrcatA
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
UnmapViewOfFile
CloseHandle
ReleaseMutex
SetEvent
WaitForSingleObject
CreateProcessA
lstrcpynA
GetCurrentProcessId
DuplicateHandle
GetCurrentProcess
CreateMutexA
MapViewOfFile
CreateFileMappingA
SetUnhandledExceptionFilter
LocalFree
LocalAlloc
GetModuleHandleA
ExitThread
SetErrorMode

user32

SendMessageA
PeekMessageA
MsgWaitForMultipleObjects
DestroyWindow
TranslateMessage
DispatchMessageA
LoadStringA
DefWindowProcA
RegisterClassA
CreateMenu
CreateWindowExA
ShowWindow
GetForegroundWindow
GetClassNameA
GetShellWindow
wsprintfA

shlwapi

ord241
ord276
ord437
ord376
ord80
ord185
SHRegGetBoolUSValueA
StrCpyNW
wnsprintfA
SHGetValueA
PathFindFileNameA
StrStrIA
ord243

shdocvw

ord101

Exports

Exports

DllGetLCID

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

KrKN
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

c86861d7304082407097f39f4401cd08

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

shlwapi

shdocvw

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 140B

.rsrc Size: 82KB - Virtual size: 81KB

KrKN Size: 4KB - Virtual size:

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 140B

.rsrc
Size: 82KB - Virtual size: 81KB

KrKN
Size: 4KB - Virtual size: