metasploit | 8fb5bed8cc52319d4cdcaa416f8655bb37886d2e56a31489c97e993012d18a93

Sharing

Copy URL

Twitter E-mail

General

Target

8fb5bed8cc52319d4cdcaa416f8655bb37886d2e56a31489c97e993012d18a93
Size

13KB
MD5

aad20561fa106f512e0e8d962cbb7a55
SHA1

0e61893f12e081f9e4d4862b64f15d9d6b4f99ef
SHA256

8fb5bed8cc52319d4cdcaa416f8655bb37886d2e56a31489c97e993012d18a93
SHA512

192732f563a1da2352ec1053c377bdb7ba51f52110776934a9e039348c220ff0aeb43bdc01d00d06b1fa6b88b11698aaee4b18a3178668eff19fe28db2601118
SSDEEP

48:qIDszp+pkRhnUxpnit2Vww2yduVdkVrmbZQynit2YimFDx+lYqzigqVPS/W4Bqbb:pa24UDmBVNZ5xmFDxCkFWBqb5zG67

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.0.5:4444

Signatures

Metasploit family
metasploit

Files

8fb5bed8cc52319d4cdcaa416f8655bb37886d2e56a31489c97e993012d18a93
.exe windows x86

9fc2d3b8d1032c25ebeeb29a8f8970c9

Code Sign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16-11-2006 01:54

Not After

16-11-2026 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:32:3e:eb:ba:ce:dd
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

29-11-2010 18:44

Not After

29-11-2011 18:44

Subject

CN=Rapid7 LLC,OU=Metasploit,O=Rapid7 LLC,L=Boston,ST=MA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:f6:50:fd:69:3d:8c:5a:80:cb:01:ba:62:f6:5e:58:86:ba:a9:e2
Signer

Actual PE Digest

e3:f6:50:fd:69:3d:8c:5a:80:cb:01:ba:62:f6:5e:58:86:ba:a9:e2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Rapid7 LLC,OU=Metasploit,O=Rapid7 LLC,L=Boston,ST=MA,C=US

01-12-2022 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetFilePointer
VirtualAlloc
CreateFileA
GetModuleFileNameA
CloseHandle

Sections

.text
Size: 512B - Virtual size: 257B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

9fc2d3b8d1032c25ebeeb29a8f8970c9

Code Sign

03:01Certificate

Key Usages

2b:32:3e:eb:ba:ce:ddCertificate

Extended Key Usages

Key Usages

e3:f6:50:fd:69:3d:8c:5a:80:cb:01:ba:62:f6:5e:58:86:ba:a9:e2Signer

Signature Validations

Verification

01-12-2022 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 512B - Virtual size: 257B

.rdata Size: 512B - Virtual size: 206B

03:01
Certificate

2b:32:3e:eb:ba:ce:dd
Certificate

e3:f6:50:fd:69:3d:8c:5a:80:cb:01:ba:62:f6:5e:58:86:ba:a9:e2
Signer

01-12-2022 14:34
Valid: false

.text
Size: 512B - Virtual size: 257B

.rdata
Size: 512B - Virtual size: 206B