metasploit | 6c590275bebe18d44589dd6219034fead78346ee0f08a04617ea5a594a362b93

Sharing

Copy URL Twitter E-mail

General

Target

6c590275bebe18d44589dd6219034fead78346ee0f08a04617ea5a594a362b93
Size

255KB
MD5

96e8f806293d824c4a919c8af5f46cc0
SHA1

92829bc5c8af419ff30eebf9749beaf844c50b4b
SHA256

6c590275bebe18d44589dd6219034fead78346ee0f08a04617ea5a594a362b93
SHA512

71520481b65f01dfb2eb339a93f0a4100876bd5b5f8d34780278d6713426b3abe8e7d68adb58bf27443fbb9602dbde1e5d60eaa4ad7bb538111e1acaaf68af63
SSDEEP

3072:NZ3A8Cp7NyaicO9zyBOxL2FLekcTry6Xl0qURpAG+cixs50qK1dTOo1hw98tlCZA:Nc9N1ON4O4FKLiW0P+dhqK1xOuSSln

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.234.128:443

Signatures

Metasploit family
metasploit

Files

6c590275bebe18d44589dd6219034fead78346ee0f08a04617ea5a594a362b93
.exe windows x86

f7ccf4f7cc5b778c8262faf213af7c3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

comctl32

InitCommonControlsEx

kernel32

ReadFile
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetFileAttributesA
CloseHandle
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
HeapAlloc
ExitProcess
HeapSize
Sleep
GetModuleFileNameA
GetStdHandle
WriteFile
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
HeapFree
DeleteFileA
MoveFileA
GetLastError
GetStartupInfoA
GetCommandLineA
RtlUnwind
MultiByteToWideChar
GetVersionExW
FreeLibrary
LoadLibraryW
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalReAlloc
GlobalFree
MulDiv
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
GetModuleFileNameW

user32

DestroyCursor
SendMessageW
SendDlgItemMessageW
EndDialog
CreateDialogParamW
DialogBoxParamW
CreateWindowExW
SetMenuDefaultItem
CheckMenuItem
GetClipboardOwner
OpenClipboard
CloseClipboard
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
SetClipboardData
TrackPopupMenu
LoadMenuW
LoadBitmapW
GetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSubMenu
GetMenuStringW
ModifyMenuW
GetSystemMetrics
DestroyMenu
SetWindowsHookExW
LoadIconW
MessageBoxA
FindWindowW
BringWindowToTop
MessageBeep
GetMessageW
IsWindow
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
RegisterClassExW
RegisterWindowMessageW
GetCursorPos
SetForegroundWindow
PostMessageW
GetMenuDefaultItem
PostQuitMessage
UpdateWindow
SetCursor
GetSysColor
SetFocus
MessageBoxW
GetFocus
GetDlgCtrlID
DestroyWindow
GetSystemMenu
LoadStringW
AppendMenuW
EnableWindow
GetDesktopWindow
GetWindowRect
IntersectRect
IsWindowVisible
ScreenToClient
SetWindowPos
ShowWindow
SetWindowTextW
InflateRect
DrawFrameControl
GetWindowTextW
DrawStateW
DrawFocusRect
GetClientRect
DestroyIcon
InvalidateRect
CallWindowProcW
SetWindowLongW
DefWindowProcW
GetWindowLongW
GetDC
GetTopWindow
GetWindow
ReleaseDC
GetDlgItem
LoadImageW

gdi32

GetDeviceCaps
SetBkColor
ExtTextOutW
CreateCompatibleDC
BitBlt
DeleteDC
SetBkMode
CreateSolidBrush
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
SelectObject
Rectangle
GetTextExtentPoint32W
SetTextColor
GetStockObject
DeleteObject

shell32

ShellExecuteW

ukhook40

VnConvert
?ModifyStatusIcon@@YAXXZ
?UkLoadKeyOrderMap@@YAHPBDPAUUkKeyMapPair@@PAH@Z
?UkStoreKeyOrderMap@@YAHPBDPAUUkKeyMapPair@@H@Z
?MsViMethodMapping@@3PAUUkKeyMapping@@A
?VIQRMethodMapping@@3PAUUkKeyMapping@@A
?VniMethodMapping@@3PAUUkKeyMapping@@A
?SimpleTelexMethodMapping@@3PAUUkKeyMapping@@A
?TelexMethodMapping@@3PAUUkKeyMapping@@A
?getText@CMacroTable@@QAEPBIH@Z
?getKey@CMacroTable@@QAEPBIH@Z
?getCount@CMacroTable@@QAEHXZ
?writeToFile@CMacroTable@@QAEHPBD@Z
?addItem@CMacroTable@@QAEHPBX0H@Z
?resetContent@CMacroTable@@QAEXXZ
?SetUnikeyOptions@@YAXPAU_UnikeyOptions@@H@Z
?SetOutputCharset@@YAHH@Z
?loadFromFile@CMacroTable@@QAEHPBD@Z
?init@CMacroTable@@QAEXXZ
?RecreateStatusIcon@@YAXXZ
?DeleteStatusIcon@@YAXXZ
?IsVietnamese@@YAHXZ
?SwitchMode@@YAXXZ
?GetVietHookDll@@YAPAUHINSTANCE__@@XZ
?SetUnikeyReady@@YAXXZ
?SetInputMethod@@YAHW4UkInputMethod@@@Z
?EnableUnikey@@YAXH@Z
?SetUnikeySysInfo@@YAXPAU_UnikeySysInfo@@@Z
?InitUkHook@@YAXXZ
?MyMouseHook@@YGJHIJ@Z
?MyKeyHook@@YGJHIJ@Z
?SetSwitchKey@@YAXH@Z
?UnikeyLoadMacro@@YAXPBD@Z
?UnikeyLoadUserKeyMap@@YAHPBD@Z
VnFileConvert
?VnConvSetOptions@@YAXPAU_VnConvOptions@@@Z
?VnConvResetOptions@@YAXPAU_VnConvOptions@@@Z
?VnConvGetOptions@@YAXPAU_VnConvOptions@@@Z
?genConvert@@YAHAAVVnCharset@@0AAVByteInStream@@AAVByteOutStream@@@Z
?getVnCharset@CVnCharsetLib@@QAEPAVVnCharset@@H@Z
?VnCharsetLibObj@@3VCVnCharsetLib@@A

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

f7ccf4f7cc5b778c8262faf213af7c3e

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

advapi32

comctl32

kernel32

user32

gdi32

shell32

ukhook40

Sections

.text Size: 142KB - Virtual size: 141KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 18KB - Virtual size: 199KB

.rsrc Size: 61KB - Virtual size: 60KB

.text
Size: 142KB - Virtual size: 141KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 18KB - Virtual size: 199KB

.rsrc
Size: 61KB - Virtual size: 60KB