metasploit | 613abcc0c94d65366dd3b0a57aa5167b3000616f1717cc61e260260c44c673c6

Sharing

Copy URL Twitter E-mail

General

Target

613abcc0c94d65366dd3b0a57aa5167b3000616f1717cc61e260260c44c673c6
Size

418KB
MD5

01caef11950e1cd3843bda4d0fff58e0
SHA1

45b7e2e88ad38f829c2dff46166b32adae1a6769
SHA256

613abcc0c94d65366dd3b0a57aa5167b3000616f1717cc61e260260c44c673c6
SHA512

0e038453f8fab5ee595c483d41b6e2dde3562e4ceb5a9017b61b43941f94833a82f935d8eb4903990c2ca4d7154b92de4a0750e6cb20b7a81b755b0745f6363e
SSDEEP

1536:NryQjHvOnwWMOFEc9Xo8twxyKoLB5L0FWd2Vyu02Je:XTiwWjFlt88LZ2Vyd2Je

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Files

613abcc0c94d65366dd3b0a57aa5167b3000616f1717cc61e260260c44c673c6
.exe windows x86

02b3ae190f131515956e312f939f1046

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_ntoa
htonl
WSACleanup
send
connect
socket
sendto
WSAStartup
recv
gethostname
gethostbyname
ioctlsocket
shutdown
closesocket
htons

advapi32

GetUserNameA

user32

wsprintfA
CharLowerA

mpr

WNetAddConnection2A

shell32

SHChangeNotify
ShellExecuteExA

iphlpapi

GetAdaptersInfo

wininet

DeleteUrlCacheEntry

msvcrt

_ftol
_strcmpi
strncat
ceil
time
_stricmp
sscanf
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
strtok
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strncpy
atoi
atol
rand
sprintf
srand
strchr
strrchr
strcpy
_except_handler3
strcmp
strstr
_snprintf
strcspn
??2@YAPAXI@Z
_vsnprintf
strlen
malloc
strcat
memset
_initterm
free
memcpy
memcmp

kernel32

GetStartupInfoA
QueryPerformanceFrequency
QueryPerformanceCounter
GetLogicalDriveStringsA
GetDriveTypeA
lstrcatA
CreateDirectoryA
lstrlenA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TransactNamedPipe
ReadFile
CreateEventA
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
SetThreadPriority
SetProcessPriorityBoost
CopyFileA
GetWindowsDirectoryA
DeleteCriticalSection
LoadLibraryA
GetFileTime
SetFileTime
GetFileAttributesA
CreateMutexA
SetFileAttributesA
TerminateThread
OpenProcess
TerminateProcess
GetCurrentThread
WinExec
LocalAlloc
LocalFree
DeleteFileA
ReleaseMutex
GetCurrentProcess
ExpandEnvironmentStringsA
CreateFileA
ExitThread
WriteFile
CloseHandle
CreateProcessA
WaitForSingleObject
lstrcmpiA
CreateThread
Sleep
GetLastError
GetTempPathA
GetTickCount
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ExitProcess
GetVersionExA
GetLocaleInfoA

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 363KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

02b3ae190f131515956e312f939f1046

Headers

File Characteristics

Imports

wsock32

advapi32

user32

mpr

shell32

iphlpapi

wininet

msvcrt

kernel32

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 363KB - Virtual size: 391KB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 363KB - Virtual size: 391KB