metasploit | 081_Harry_LM[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

081_Harry_LM.exe
Size

252KB
MD5

3fd46d01f84176057433e22c9f374525
SHA1

9881a38a2ef59b69e97e954306c5a0f4d97142b4
SHA256

3e996af539fcdcf0963cc77532b4fa035f29b5521cf88c49d6bdd425c1444c21
SHA512

315c27ade6789785d8f31dea547708547634f4a14cf25bb908c7861d9c73e96eafa2a7221cedfbd4b5a7a8dd3fc9ccbde6a0ed709ad25b53bd5eb3d3ac7cbeba
SSDEEP

3072:nvW37YvD5crtVcWW/o8r/5EYtXcq8RTXXPOGmo6Xh5Vz1KDYSZlCJo2:d1crtVZW/NrhD6RVSXh5Vzoy

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

193.117.208.107:7200

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
081_Harry_LM.exe

Files

081_Harry_LM.exe
.exe windows x86

95b4fcf047a9992567af5b68b3bf70ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetErrorMode
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__getmainargs
__initenv
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_initterm
_iob
_lock
_onexit
_unlock
abort
atan
atoi
calloc
exit
fprintf
fputc
free
fwrite
localeconv
malloc
memcpy
memmove
memset
rand
setlocale
signal
strchr
strerror
strlen
strncmp
vfprintf
wcslen

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/94
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/110
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

95b4fcf047a9992567af5b68b3bf70ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 84B

.rdata Size: 3KB - Virtual size: 3KB

/4 Size: 6KB - Virtual size: 5KB

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1KB - Virtual size: 1KB

/14 Size: 1KB - Virtual size: 1KB

/29 Size: 73KB - Virtual size: 73KB

/41 Size: 15KB - Virtual size: 14KB

/55 Size: 30KB - Virtual size: 29KB

/67 Size: 1024B - Virtual size: 996B

/78 Size: 6KB - Virtual size: 6KB

/94 Size: 29KB - Virtual size: 28KB

/110 Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 84B

.rdata
Size: 3KB - Virtual size: 3KB

/4
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB

/14
Size: 1KB - Virtual size: 1KB

/29
Size: 73KB - Virtual size: 73KB

/41
Size: 15KB - Virtual size: 14KB

/55
Size: 30KB - Virtual size: 29KB

/67
Size: 1024B - Virtual size: 996B

/78
Size: 6KB - Virtual size: 6KB

/94
Size: 29KB - Virtual size: 28KB

/110
Size: 1KB - Virtual size: 1KB