metasploit | 960b0ec4fbc531a57394a41056e6362ef13ddaaa0272d7b5006b04982413d77b

Sharing

Copy URL Twitter E-mail

General

Target

960b0ec4fbc531a57394a41056e6362ef13ddaaa0272d7b5006b04982413d77b
Size

544KB
MD5

5f8bc8a3bd60c223975cce5919c7e981
SHA1

5e874340c37a356b09dc3b6a96bcaec65112807d
SHA256

960b0ec4fbc531a57394a41056e6362ef13ddaaa0272d7b5006b04982413d77b
SHA512

31ae4a3147d0dcc24e1c77579388be93a21645f688d93ec7eb4664c28ddbe5f804b01e75f65620aefdca43c20b5d1d85e0feb6f1ce2d72955eb6424043442085
SSDEEP

6144:bP8mrNepSYRhHGlhFSbjPbE3LZ9Pa6gvLsYjMm/Qd1Cb0B/g5II00Nsblby5R:QmrNsp3kSPPbE3LZ9y6vYjMmfbE/ym3

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Files

960b0ec4fbc531a57394a41056e6362ef13ddaaa0272d7b5006b04982413d77b
.exe windows x86

00e25f90b5142c0bbf711f5b76932a76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

CloseHandle
CreateFileA
GetTickCount
WriteFile
CreateProcessA
GetTempPathA
CreateThread
ExitProcess
SetPriorityClass
GetLocaleInfoA
MoveFileExA
GetCurrentProcess
GetCurrentThread
SetProcessPriorityBoost
GetDriveTypeA
GetFileAttributesA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExA
OpenMutexA
CreateMutexA
ReleaseMutex
GetLastError
GetCurrentProcessId
DeleteFileA
lstrlenA
FreeLibrary
CreateRemoteThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
TerminateProcess
lstrcmpiA
WinExec
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
SetEvent
CreateEventA
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ExitThread
EnterCriticalSection
OpenEventA
WaitForMultipleObjects
DeleteCriticalSection
WideCharToMultiByte
LocalFree
FlushFileBuffers
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetModuleFileNameA
Process32Next
SetFileAttributesA
CopyFileA
CreateDirectoryA
Sleep
GetWindowsDirectoryA
Process32First
GetComputerNameA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
WaitForSingleObject
VirtualQuery
HeapFree
UnhandledExceptionFilter
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
HeapAlloc
HeapCreate
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
InitializeCriticalSection

user32

FindWindowA
IsWindow
GetWindowThreadProcessId
SwitchToThisWindow
IsCharAlphaNumericA
IsCharAlphaA
RegisterDeviceNotificationA
UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PostQuitMessage
RegisterClassExA
GetMessageA
DestroyWindow
BlockInput
GetWindowTextA
GetForegroundWindow
SendMessageA
FindWindowExA
keybd_event
RealGetWindowClassA
SetFocus
SetForegroundWindow
VkKeyScanW
SendInput
MapVirtualKeyA
VkKeyScanA
GetMenuItemID
PostMessageA
IsWindowVisible

advapi32

LookupPrivilegeValueA
IsTextUnicode
RegCloseKey
RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
RegQueryValueExA
OpenProcessToken
FreeSid
AllocateAndInitializeSid
GetUserNameA
RegOpenKeyExA

shell32

ShellExecuteA
SHChangeNotify
ShellExecuteExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit

ws2_32

recv
select
send
gethostbyname
closesocket
socket
WSACleanup
WSAGetLastError
inet_addr
WSAStartup
connect
htonl
ntohl
inet_ntoa
gethostname
ioctlsocket
htons

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

shlwapi

SHDeleteKeyA

mpr

WNetCancelConnectionA
WNetUseConnectionA
WNetGetLastErrorA

rpcrt4

RpcBindingFromStringBindingA
RpcStringFreeA
RpcMgmtIsServerListening
RpcMgmtSetComTimeout
NdrClientCall2
RpcMgmtInqStats
RpcBindingFree
RpcStringBindingComposeA
RpcMgmtStatsVectorFree

comctl32

ord17

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

i0ve9tja
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

e2c8ir.4
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dpievhuh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wtq
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

00e25f90b5142c0bbf711f5b76932a76

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

ntdll

shlwapi

mpr

rpcrt4

comctl32

Sections

.text Size: 364KB - Virtual size: 364KB

.rsrc Size: 12KB - Virtual size: 12KB

i0ve9tja Size: 52KB - Virtual size: 52KB

e2c8ir.4 Size: 88KB - Virtual size: 88KB

dpievhuh Size: 4KB - Virtual size: 4KB

.wtq Size: 20KB - Virtual size: 20KB

.text
Size: 364KB - Virtual size: 364KB

.rsrc
Size: 12KB - Virtual size: 12KB

i0ve9tja
Size: 52KB - Virtual size: 52KB

e2c8ir.4
Size: 88KB - Virtual size: 88KB

dpievhuh
Size: 4KB - Virtual size: 4KB

.wtq
Size: 20KB - Virtual size: 20KB