metasploit | ae074af0419d21ae96b8836ff7ccbbf273edbdfd13dce94c6c269405b2611746

Sharing

Copy URL Twitter E-mail

General

Target

ae074af0419d21ae96b8836ff7ccbbf273edbdfd13dce94c6c269405b2611746
Size

215KB
MD5

008efc87a79986934e16773559be5ec2
SHA1

62ae35743f549dc8efa7da70f9ef246aef131af0
SHA256

ae074af0419d21ae96b8836ff7ccbbf273edbdfd13dce94c6c269405b2611746
SHA512

671627b2daeb593cded799228c80c0667a6b4a3ecc0b4a8ee430271891000898b7530e0abce8361c452849dc7b30fe43e5db0c4f5a1e345b64907c8abfeecbc1
SSDEEP

6144:ngvM5lwxS7wwEA/QHtNfaPnkxS7kdA0iRtcapLrXh:gvuloS7zEAoHLiPcS7N0UVR

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://172.16.180.129:4444/8Azi

Signatures

Metasploit family
metasploit

Files

ae074af0419d21ae96b8836ff7ccbbf273edbdfd13dce94c6c269405b2611746
.exe windows x86

1744867817464bf7dd34561e44925565

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_controlfp
_initterm
__getmainargs
_acmdln
exit
_cexit
__setusermatherr
_XcptFilter
_exit
_c_exit
wcscpy
_wcsicmp
free
_ftol
malloc

advapi32

RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
CheckTokenMembership

kernel32

lstrlenW
GetSystemWindowsDirectoryW
LocalFree
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
GetProcAddress
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
CreateMutexW
SetLastError
GetCommandLineW
GetWindowsDirectoryW
lstrcmpW
ExitProcess
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
lstrcatW
GetNumberFormatW
lstrcpyW
LoadLibraryA

gdi32

CreateFontIndirectW
CreatePenIndirect
SetTextColor
BitBlt
SetBkColor
CreateSolidBrush
CreateCompatibleDC
SetMapMode
TextOutW
GetTextMetricsW
SetBkMode
RealizePalette
SelectPalette
GetObjectW
StretchBlt
CreateBitmap
DeleteDC
CreateRoundRectRgn
SelectObject
Polyline
DeleteObject

user32

FindWindowW
MapVirtualKeyW
GetAsyncKeyState
GetMenu
SetTimer
SendMessageW
GetDlgItem
EndDialog
LoadStringW
EnableWindow
MessageBoxW
DialogBoxParamW
IsWindow
GetKeyboardLayout
GetWindowThreadProcessId
wsprintfW
CheckDlgButton
GetClientRect
DestroyWindow
InvalidateRect
WinHelpW
GetKeyboardType
SetClassLongW
RegisterClassW
GetClassInfoW
LoadCursorW
CreateWindowExW
GetSystemMetrics
SetWindowPos
SetWindowLongW
GetKeyState
wsprintfA
DrawIconEx
LoadImageW
SetWindowRgn
ToUnicodeEx
LoadIconW
GetWindowLongW
GetSysColor
ReleaseDC
GetDC
MapVirtualKeyExW
CloseDesktop
GetUserObjectInformationW
OpenDesktopW
OpenInputDesktop
PostMessageW
SetThreadDesktop
GetThreadDesktop
EndPaint
BeginPaint
DefWindowProcW
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
CloseWindowStation
MoveWindow
GetDesktopWindow
GetWindowRect
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
ShowWindow
IsIconic
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
RegisterWindowMessageW
KillTimer
EnableMenuItem
CheckMenuRadioItem
CheckMenuItem
ReleaseCapture
SetCapture
SetCursor
ChildWindowFromPointEx
ScreenToClient
GetCursorPos
PostQuitMessage
SendInput
ActivateKeyboardLayout

msswch

ord8
ord13
ord12
ord11
ord9
ord1
ord14
ord10

comdlg32

ChooseFontW

winmm

PlaySoundW

shell32

ord258
ShellExecuteW

comctl32

ord17

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

yUIc
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1744867817464bf7dd34561e44925565

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

msswch

comdlg32

winmm

shell32

comctl32

ole32

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 91KB - Virtual size: 90KB

yUIc Size: 4KB - Virtual size:

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 91KB - Virtual size: 90KB

yUIc
Size: 4KB - Virtual size: