metasploit | 5f55b51511c88a09f5e49e91e3404097[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

5f55b51511c88a09f5e49e91e3404097.bin
Size

350KB
MD5

5f55b51511c88a09f5e49e91e3404097
SHA1

9a89a5d1fbecd3ce5c79a10d31c96e709277c7ab
SHA256

2c20098ca704674fcea02bf92847b475a07b46b1166aebf4934c1f4f506672f3
SHA512

09cb2845861b1e6b3739a417307dd3bd3bbd774b826bc984676b99669624da84ea78a3c62c6c5f50ccc8e7135e1f62d9e6faabc9e76907f3d326422c4cb88e9a
SSDEEP

6144:nEWjlZs5t38dX6piE4tU7kpiTcnFOHuln+Otc+EkzI8jSejCE8aKP3sGvLLhcy/W:E1nfYFXDA7DdCi/6OuXXAR8

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

http://64.254.247.154:44556/yySpvJzTp0rtDewMiUvRQwWkApudwNqvW5r5JtD6M4kq9gCtlmxM6pef33Co5I8A1D7Y-8BmurRBEJwoe4ln0N3fW9UTJjqTfmUhsYHBeXchLuk7JNuR1REIKOOcjC39rFBODJt39x2pY0OXmKrYQnjoM2ZAA9clSsB4HNCmp0Tct85Rd_4q_-rH5e7weXbly6Bhfwv

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f55b51511c88a09f5e49e91e3404097.bin

Files

5f55b51511c88a09f5e49e91e3404097.bin
.exe windows x86

5fadd4368d5823da256c7a4032dc0255

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
abort
system
vfprintf

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1008B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

5fadd4368d5823da256c7a4032dc0255

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 840B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 1008B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

/4 Size: 1024B - Virtual size: 672B

/19 Size: 284KB - Virtual size: 283KB

/31 Size: 9KB - Virtual size: 8KB

/45 Size: 9KB - Virtual size: 9KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 2KB - Virtual size: 1KB

/81 Size: 3KB - Virtual size: 3KB

/92 Size: 512B - Virtual size: 488B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 840B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1008B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 1024B - Virtual size: 672B

/19
Size: 284KB - Virtual size: 283KB

/31
Size: 9KB - Virtual size: 8KB

/45
Size: 9KB - Virtual size: 9KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 2KB - Virtual size: 1KB

/81
Size: 3KB - Virtual size: 3KB

/92
Size: 512B - Virtual size: 488B