Behavioral task: behavioral1
Sample: reptile.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: reptile.exe
Resource: win10v2004-20230220-en
General
Target: reptile.exe
Size: 94KB
MD5: a7720a9461c97d5a2785c6679aced410
SHA1: b188f61fed21507c65e0c798eab2f9604c4a42e9
SHA256: 562adc9f106bd09f97104d0222f00a73eabca6210f6526cc0bf23657ba198b04
SHA512: 8626481768a0e3129b966af7a592c5f533dc0d85e760783ec9a8b660c833439f2c8334dc05af93f17af433748f24a7b7cd432f24256eb7083c22effb84da0360
SSDEEP: 1536:7B1PZ7k5zPPbRePZZpK1jvrf858ZVKYTQB2ByOBPyCBCzST4vmKICYBItXQSmX:1y+XIvrQvEyOBP/BxTuo6XQSmX
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Signatures
Metasploit family
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: reptile.exe
Files
reptile.exe.exe windows x86
9b55aa4609e6e98ebe1940ddefd1b771
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAStartup
gethostbyname
htons
socket
connect
recv
send
closesocket
WSACleanup
user32
wsprintfA
IsCharAlphaNumericA
oleaut32
GetErrorInfo
msvcrt
wcsncpy
_CxxThrowException
__dllonexit
_onexit
_exit
_XcptFilter
exit
_wcsupr
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
fopen
fseek
ftell
fread
fclose
strtoul
atoi
_strlwr
wcsncmp
strrchr
system
mbstowcs
wcslen
wcscpy
printf
__CxxFrameHandler
strstr
strcat
strcpy
malloc
free
memcmp
strcmp
sscanf
memcpy
srand
strncpy
strtok
memset
rand
_snprintf
strlen
sprintf
strncat
wcscat
fwrite
_vsnprintf
_iob
fprintf
_splitpath
strchr
??2@YAPAXI@Z
_strcmpi
toupper
_acmdln
kernel32
CopyFileA
GetStartupInfoA
GetSystemDirectoryW
GetProcessHeap
HeapFree
HeapAlloc
GetWindowsDirectoryA
GetFileTime
SetFileTime
GetFileAttributesA
LocalAlloc
LocalFree
CreateMutexA
ReleaseMutex
CompareStringW
VirtualFree
VirtualAlloc
DuplicateHandle
CreateFileW
GetFileSize
ReadFile
MoveFileW
GetWindowsDirectoryW
GetSystemDirectoryA
ExpandEnvironmentStringsA
lstrlenA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcatA
GetCurrentThread
GetCurrentProcess
TerminateProcess
OpenProcess
SetFileAttributesA
DeleteFileA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetLocaleInfoA
TerminateThread
CreateProcessA
GetVersionExA
WaitForSingleObject
GetTempPathA
ExitProcess
WriteFile
CreateFileA
TransactNamedPipe
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
ExitThread
GetTickCount
GetModuleFileNameA
CreateThread
Sleep
lstrcmpiA
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 385KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE