General
Target
new_calc.exe
Size
25KB
MD5
4519f7aa1e04138ac77215757311821d
SHA1
60177730e5051113f3093426acfba75032eecf2b
SHA256
a2f02f69218dbc91b8ad43d03f4653f5d2ba4583dc07f5cc56073a0a94ea203d
SHA512
485affbe03a0cae6919ea559f8a0ac7a441c45297d1508c94e20748e3ccc717477192295cce829d094b8bceb3f89ff5549bc8b2dda41792dde7cbd0cffec34c5
SSDEEP
384:llfT5RDkS30swWSJYWaiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiiiriiis:llfXb30sAD
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/shell_reverse_tcp
192.186.119.182:1960
Signatures
Metasploit family
Files
new_calc.exe.exe windows x86
7629f7ae9107e06abb5c042b85c07da3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
kernel32
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
msvcrt
_amsg_exit
__p__fmode
__setusermatherr
_initterm
_wcmdln
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_exit
__p__commode
_XcptFilter
exit
__set_app_type
__wgetmainargs
_cexit
advapi32
EventRegister
EventSetInformation
EventWriteTransfer
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 932B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 364B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ