metasploit | 894b5e81fe56418b8df30639fd8b8c484c934aba8a121397b592039e07f766ee[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

894b5e81fe56418b8df30639fd8b8c484c934aba8a121397b592039e07f766ee.exe
Size

16KB
MD5

0ebb7d6aee08a1fd0144b6600d5f6d9a
SHA1

ea49c6cd2e55cb1cad438d22a704cec610e691a5
SHA256

894b5e81fe56418b8df30639fd8b8c484c934aba8a121397b592039e07f766ee
SHA512

33de0818fe542800cd31c18954343639e994ba1c051152cdcd8239837961eed5cbf870fd31866257d5876a8fa9d40abbbac7c773682bae69e6988e8207c775c2
SSDEEP

192:0vtigbWBcCroDBQABJUWgoqnajKszMXNs:0igbWwDBRJUWnlGsz0s

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

51.254.127.82:6821

Signatures

Metasploit family
metasploit

Files

894b5e81fe56418b8df30639fd8b8c484c934aba8a121397b592039e07f766ee.exe
.exe windows x64

b4c6fff030479aa3b12625be67bf4914

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:99:89:e9:cd:0d:04:7a:8b:93:4c:05:8a:cf:75:23:e4:e7:44:7a:2b:02:cd:f2:fb:50:99:b8:38:5f:75:8e
Signer

Actual PE Digest

20:99:89:e9:cd:0d:04:7a:8b:93:4c:05:8a:cf:75:23:e4:e7:44:7a:2b:02:cd:f2:fb:50:99:b8:38:5f:75:8e

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20/01/2023, 15:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wweb
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b4c6fff030479aa3b12625be67bf4914

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

20:99:89:e9:cd:0d:04:7a:8b:93:4c:05:8a:cf:75:23:e4:e7:44:7a:2b:02:cd:f2:fb:50:99:b8:38:5f:75:8eSigner

Signature Validations

Verification

20/01/2023, 15:57 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 132B

.wweb Size: 1024B - Virtual size: 632B

.rsrc Size: 1024B - Virtual size: 816B

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

20:99:89:e9:cd:0d:04:7a:8b:93:4c:05:8a:cf:75:23:e4:e7:44:7a:2b:02:cd:f2:fb:50:99:b8:38:5f:75:8e
Signer

20/01/2023, 15:57
Valid: false

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 132B

.wweb
Size: 1024B - Virtual size: 632B

.rsrc
Size: 1024B - Virtual size: 816B