metasploit | 25bd90988d4b160189c81b4f4ad157451c125a59b93a15cd9e9276560b822c52

Sharing

Copy URL Twitter E-mail

General

Target

25bd90988d4b160189c81b4f4ad157451c125a59b93a15cd9e9276560b822c52
Size

503KB
MD5

a160f9e8a16909270a083cf3e5d89180
SHA1

e316186d68613466eb9d58fcca3bfe4fb2b474e3
SHA256

25bd90988d4b160189c81b4f4ad157451c125a59b93a15cd9e9276560b822c52
SHA512

a05f2ec5670bfb7b9309e35e0ae5ae0437a5e3ea67a1417fe3de0ce661bc52d147d8c2c883ae0b28ee5ed1cdef199aa95393b6bb46b2cfb2741156abaeca5484
SSDEEP

6144:qBJBbIOkgKzCe9dMVHsGLULRTXFewKFWTyMTkiYCw+VSvGFal+412cicnoACqzM3:OJBMOkce9dgHs+UTVhdK12ciOs60H

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.0.10:4444

Signatures

Metasploit family
metasploit

Files

25bd90988d4b160189c81b4f4ad157451c125a59b93a15cd9e9276560b822c52
.exe windows x86

6331cdb5d878c7264ad0657f66b30caf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA

comctl32

ord14
ord15
ord17
ord13

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
SelectPalette
CreatePalette
ExtTextOutA
GetCharacterPlacementW
SetBkMode
GetBkMode
ExtTextOutW
GetCharABCWidthsFloatA
GetPixel
SetTextAlign
CreateCompatibleBitmap
TranslateCharsetInfo
GetObjectA
LineTo
MoveToEx
CreatePen
SetPixel
Polyline
GetCharWidthW
GetCharWidth32W
GetCharWidthA
GetCharWidth32A
SetPaletteEntries
UnrealizeObject

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

ShellExecuteA

user32

GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
MessageBoxIndirectA
WinHelpA
PeekMessageA
DefWindowProcA
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
TranslateMessage
EnableMenuItem
GetCursorPos
TrackPopupMenu
GetScrollInfo
ScreenToClient
GetKeyboardLayout
SetKeyboardState
ToUnicodeEx
ToAsciiEx
SetScrollInfo
GetMessageTime
PostMessageA
CheckMenuItem
IsZoomed
FlashWindow
GetClipboardData
RegisterClipboardFormatA
EmptyClipboard
SetClipboardData
CloseClipboard
SetCaretPos
KillTimer
SetTimer
GetKeyboardState
SetClassLongA
SetCursor
ShowCursor
CreatePopupMenu
InsertMenuA
DeleteMenu
AppendMenuA
IsIconic
GetSystemMetrics
GetCapture
ReleaseCapture
LoadIconA
GetDesktopWindow
MoveWindow
DefDlgProcA
LoadCursorA
CreateDialogParamA
GetMessageA
GetWindowLongA
IsDialogMessageA
DispatchMessageA
PostQuitMessage
EnableWindow
DialogBoxParamA
EndDialog
GetParent
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
RegisterWindowMessageA
DrawEdge
GetDlgItemTextA
SetCapture
MessageBoxA
SetFocus
GetDlgItem
SetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetWindowLongA
MessageBeep
SendDlgItemMessageA
GetDC
ReleaseDC
SendMessageA
MapDialogRect
GetCaretBlinkTime
DestroyWindow
RegisterClassA
GetSysColor
SystemParametersInfoA
GetWindowRect
CreateWindowExA
ShowWindow
OpenClipboard

winmm

PlaySoundA

winspool.drv

OpenPrinterA
StartDocPrinterA
StartPagePrinter
EndDocPrinter
ClosePrinter
EnumPrintersA
WritePrinter
EndPagePrinter

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
SetEndOfFile
InterlockedExchange
RtlUnwind
SetFilePointer
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetTimeZoneInformation
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetACP
GetLocalTime
GetEnvironmentVariableA
DeleteFileA
SetCommBreak
CreateFileA
GetCommState
SetCommState
SetCommTimeouts
ClearCommBreak
CreatePipe
SetHandleInformation
GetCurrentThreadId
OpenProcess
LocalAlloc
LocalFree
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
QueryPerformanceCounter
GlobalMemoryStatus
GetCurrentThread
GetThreadTimes
GetCurrentProcess
GetProcessTimes
GetSystemTime
GetSystemTimeAdjustment
FormatMessageA
GetSystemDirectoryA
WriteFile
CreateEventA
ReadFile
GetLastError
WaitForSingleObject
GetOverlappedResult
SetEvent
LoadLibraryA
FreeLibrary
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Beep
CreateThread
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
IsDBCSLeadByteEx
MultiByteToWideChar
GetLocaleInfoA
GetOEMCP
GetCPInfo
lstrcpynA
GetModuleHandleA
GetProcAddress
GetVersionExA
MulDiv
GetTickCount

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

6331cdb5d878c7264ad0657f66b30caf

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

imm32

ole32

shell32

user32

winmm

winspool.drv

kernel32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 112KB - Virtual size: 109KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 14KB

.text Size: 1024B - Virtual size: 556B

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 14KB

.text
Size: 1024B - Virtual size: 556B

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 15KB - Virtual size: 14KB