metasploit | 8224b9e0ae99d573168e72bf2cd0c294dbe6028b7a5868e07f080350174044ee

Sharing

Copy URL

Twitter E-mail

General

Target

8224b9e0ae99d573168e72bf2cd0c294dbe6028b7a5868e07f080350174044ee
Size

556KB
MD5

506c945b237c6a4faa96c7185fd95bad
SHA1

0e0131ff448926496fcae3173f46efb451af10aa
SHA256

8224b9e0ae99d573168e72bf2cd0c294dbe6028b7a5868e07f080350174044ee
SHA512

13cd4e4c056e065954efa7fd9b4ec13997fbffa790cc49a11ca87b8178ae20e9e7d77970289d8eacb7f7d99707f43447d463c5070b56340723019e61ad209e7c
SSDEEP

12288:cSBzGbO4ALFGK+QT+ktCbHWy82WrXDi74O:GO4s+QT+kobHWy/AzQ

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Files

8224b9e0ae99d573168e72bf2cd0c294dbe6028b7a5868e07f080350174044ee
.exe windows x86

092ca20b4e2feda3e25dbe39504603ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

CloseHandle
CreateFileA
GetTickCount
WriteFile
CreateProcessA
GetTempPathA
CreateThread
ExitProcess
SetPriorityClass
GetLocaleInfoA
MoveFileExA
GetCurrentProcess
GetCurrentThread
SetProcessPriorityBoost
GetDriveTypeA
GetFileAttributesA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExA
OpenMutexA
CreateMutexA
ReleaseMutex
GetLastError
GetCurrentProcessId
DeleteFileA
lstrlenA
FreeLibrary
CreateRemoteThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
TerminateProcess
lstrcmpiA
WinExec
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
SetEvent
CreateEventA
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ExitThread
EnterCriticalSection
OpenEventA
WaitForMultipleObjects
DeleteCriticalSection
WideCharToMultiByte
LocalFree
FlushFileBuffers
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetModuleFileNameA
Process32Next
SetFileAttributesA
CopyFileA
CreateDirectoryA
Sleep
GetWindowsDirectoryA
Process32First
GetComputerNameA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
WaitForSingleObject
VirtualQuery
HeapFree
UnhandledExceptionFilter
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
HeapAlloc
HeapCreate
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
InitializeCriticalSection

user32

FindWindowA
IsWindow
GetWindowThreadProcessId
SwitchToThisWindow
IsCharAlphaNumericA
IsCharAlphaA
RegisterDeviceNotificationA
UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PostQuitMessage
RegisterClassExA
GetMessageA
DestroyWindow
BlockInput
GetWindowTextA
GetForegroundWindow
SendMessageA
FindWindowExA
keybd_event
RealGetWindowClassA
SetFocus
SetForegroundWindow
VkKeyScanW
SendInput
MapVirtualKeyA
VkKeyScanA
GetMenuItemID
PostMessageA
IsWindowVisible

advapi32

LookupPrivilegeValueA
IsTextUnicode
RegCloseKey
RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
RegQueryValueExA
OpenProcessToken
FreeSid
AllocateAndInitializeSid
GetUserNameA
RegOpenKeyExA

shell32

ShellExecuteA
SHChangeNotify
ShellExecuteExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit

ws2_32

recv
select
send
gethostbyname
closesocket
socket
WSACleanup
WSAGetLastError
inet_addr
WSAStartup
connect
htonl
ntohl
inet_ntoa
gethostname
ioctlsocket
htons

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

shlwapi

SHDeleteKeyA

mpr

WNetCancelConnectionA
WNetUseConnectionA
WNetCancelConnection2A
WNetGetLastErrorA

rpcrt4

RpcBindingFromStringBindingA
RpcStringFreeA
RpcMgmtIsServerListening
RpcMgmtSetComTimeout
NdrClientCall2
RpcMgmtInqStats
RpcBindingFree
RpcStringBindingComposeA
RpcMgmtStatsVectorFree

comctl32

ord17

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nygi6lr3
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kjvapig1
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

i1xbah79
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

092ca20b4e2feda3e25dbe39504603ca

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

ntdll

shlwapi

mpr

rpcrt4

comctl32

Sections

.text Size: 364KB - Virtual size: 364KB

.rsrc Size: 12KB - Virtual size: 12KB

nygi6lr3 Size: 52KB - Virtual size: 52KB

kjvapig1 Size: 84KB - Virtual size: 84KB

i1xbah79 Size: 40KB - Virtual size: 40KB

.text
Size: 364KB - Virtual size: 364KB

.rsrc
Size: 12KB - Virtual size: 12KB

nygi6lr3
Size: 52KB - Virtual size: 52KB

kjvapig1
Size: 84KB - Virtual size: 84KB

i1xbah79
Size: 40KB - Virtual size: 40KB