metasploit | ddda231373671755946de691003187b8c14367900ffc6a1814f11cca58d9c99e

Sharing

Copy URL Twitter E-mail

General

Target

ddda231373671755946de691003187b8c14367900ffc6a1814f11cca58d9c99e
Size

4.6MB
MD5

a6f68daed5d35bdf835d47bc5b8e9eda
SHA1

4eb67c1340b78c9829349b9211abba87541add2a
SHA256

ddda231373671755946de691003187b8c14367900ffc6a1814f11cca58d9c99e
SHA512

b48edd26a04ccc8054e5eb2d51df59ef163560c17943ffa7100538bd3e3fdb15ccd6d3ea8a52fb688dd8060ffb5e7209fc987a8b8274f2b5d8de9e2901dc45b9
SSDEEP

3072:xYVlF22d/HAMt0WSt+/x3y6dykvOCVwOU3R4KyslRzXtDm+t6V:ydd/HAMt0Lt8xuQV1UBXy+zXtDmU6

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Files

ddda231373671755946de691003187b8c14367900ffc6a1814f11cca58d9c99e
.exe windows x86

8d9d40d3d77db20689b4f35ab163abfd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetCurrentProcess
GetVersionExA
TerminateThread
TransactNamedPipe
CreateFileA
CopyFileA
lstrlenA
WriteFile
SetFileAttributesA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleHandleA
GetComputerNameA
IsDebuggerPresent
lstrcpyA
GetTempPathA
WaitForSingleObject
DeleteCriticalSection
QueryPerformanceCounter
ExitProcess
CreateProcessA
ReleaseMutex
DeleteFileA
CreateMutexA
GlobalMemoryStatusEx
GetTimeFormatA
GetDateFormatA
GetSystemDirectoryA
GetLocaleInfoA
ReadProcessMemory
OpenProcess
Module32Next
TerminateProcess
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetCurrentThread
LocalAlloc
GetFileAttributesA
SetFileTime
GetFileTime
GetWindowsDirectoryA
SetEnvironmentVariableA
CompareStringW
InitializeCriticalSectionAndSpinCount
GetLastError
ExitThread
lstrcmpiA
GetModuleFileNameA
CreateThread
MultiByteToWideChar
Sleep
QueryPerformanceFrequency
GetTickCount
CompareStringA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetExitCodeProcess
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
InitializeCriticalSection
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
RaiseException
HeapSize
GetCPInfo

user32

CharLowerA
wsprintfA

advapi32

RegSetValueExA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

gethostname
setsockopt
gethostbyname
ioctlsocket
sendto
WSASocketA
closesocket
inet_addr
htons
connect
send
recv
htonl
ntohs
WSAStartup
socket

iphlpapi

GetUdpTable

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

8d9d40d3d77db20689b4f35ab163abfd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rsrc
Size: 12KB - Virtual size: 12KB