metasploit | c0407b4d646f3263356413c746c06e64d8b52fbf2c26c43e9b2d7cf880742480

Sharing

Copy URL Twitter E-mail

General

Target

c0407b4d646f3263356413c746c06e64d8b52fbf2c26c43e9b2d7cf880742480
Size

146KB
MD5

12a8f426e78ab534b2202718556bf58e
SHA1

f5222d2bb73f8427505a19c9376113aa57ab4cd9
SHA256

c0407b4d646f3263356413c746c06e64d8b52fbf2c26c43e9b2d7cf880742480
SHA512

c8feafbecb1094f37f6da912ee82e1a2774cc3a93c0336f4d10cddf0b9e183cdcb66d4bc86a722578b7731cdfe9971b48a1a2298f2d14ebabae83de9f2910939
SSDEEP

1536:RsOmLiW3bADv+QDzc1t95dkmVnTA6uvO3HaePL:RsBLi8bm2QDzEtJ/q8L

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

172.16.16.48:4444

Signatures

Metasploit family
metasploit

Files

c0407b4d646f3263356413c746c06e64d8b52fbf2c26c43e9b2d7cf880742480
.exe windows x86

9003944e49ef2848ccf4a2bfcade2941

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:d5:a2:df:3c:a3:fe:98:83:c3:11:7c:75:6b:4c:08:ba:98:2c:1b
Signer

Actual PE Digest

46:d5:a2:df:3c:a3:fe:98:83:c3:11:7c:75:6b:4c:08:ba:98:2c:1b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LoadLibraryA
LocalAlloc
GetModuleHandleA
GetStringTypeA
LCMapStringW
SetErrorMode
MultiByteToWideChar
Sleep
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
SetStdHandle
RtlUnwind
GetLogicalDrives
GetDriveTypeA
CreateFileA
FlushFileBuffers
CloseHandle
LCMapStringA
GetLastError
GetEnvironmentStringsW
GetEnvironmentStrings
GetFileAttributesA
DeviceIoControl
LocalFree
FormatMessageA
GetProcAddress
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetStringTypeW

user32

wsprintfA
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextA
SendMessageA
DialogBoxIndirectParamA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

9003944e49ef2848ccf4a2bfcade2941

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

46:d5:a2:df:3c:a3:fe:98:83:c3:11:7c:75:6b:4c:08:ba:98:2c:1bSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 108KB - Virtual size: 112KB

.rsrc Size: 4KB - Virtual size: 976B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

46:d5:a2:df:3c:a3:fe:98:83:c3:11:7c:75:6b:4c:08:ba:98:2c:1b
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 108KB - Virtual size: 112KB

.rsrc
Size: 4KB - Virtual size: 976B