metasploit | b2ca7facf972a6exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b2ca7facf972a6exeexeexeex.exe
Size

4.8MB
MD5

b2ca7facf972a6e0846bb409f1945164
SHA1

4942dc17574d9d87abf9619299ec2a65aa74070e
SHA256

933d4a92875c8dc136e83fec44d2b8dd7bd5a77d222f9ca808d8c96d7a77ab69
SHA512

9b253b1c6f26744f7b36c47fc8c96973eafa419a22bb8637d978d470f7080cc82df5795f1e28e5fe60e6bb8ba104e052fe53a47c38c80c7dcf7adc7f74b12d07
SSDEEP

49152:/PrjStHtlHLqKxc9+gMPFgmdE9gyFgmdE9g:/PrjoLBxqwZKlZK

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.133.128:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2ca7facf972a6exeexeexeex.exe

Files

b2ca7facf972a6exeexeexeex.exe
.exe windows x86

9ca478683ae0af2fe0a94492783d4012

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

packet

PacketCloseAdapter
PacketGetAdapterNames
PacketOpenAdapter
PacketGetNetType
PacketGetVersion

kernel32

TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetStartupInfoW
ExitThread
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
CreateDirectoryA
RtlUnwind
ExitProcess
SetStdHandle
GetFileType
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentThread
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
lstrcmpiW
GetStringTypeExW
GlobalGetAtomNameW
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
LoadLibraryA
lstrcmpA
GetProfileIntW
FormatMessageW
LocalFree
FreeResource
GetCurrentProcessId
MoveFileW
lstrcpyW
lstrcatW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetProcessHeap
HeapFree
GetQueuedCompletionStatus
HeapAlloc
FileTimeToSystemTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
GetLocalTime
OutputDebugStringA
GetVersion
GetTempPathW
GetTempFileNameW
RemoveDirectoryW
GetVersionExW
GetTickCount
FindNextFileW
OpenProcess
FlushFileBuffers
LocalAlloc
GlobalMemoryStatusEx
InterlockedDecrement
InterlockedIncrement
TerminateThread
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WriteFile
GetCurrentProcess
CreateFileW
GetModuleFileNameW
CopyFileW
GetFileSize
DeleteFileW
GetCurrentThreadId
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
FindClose
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryW
FindFirstFileW
ReleaseMutex
OpenEventW
GetThreadLocale
OpenMutexW
SetThreadLocale
TerminateProcess
SetEvent
CreateProcessW
FreeLibrary
CreateMutexW
WritePrivateProfileStringW
GetFileAttributesW
CreateThread
CreateEventW
WaitForSingleObject
GetProcAddress
SetLastError
LoadLibraryW
GetModuleHandleW
MulDiv
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
lstrlenA
RaiseException
OutputDebugStringW
CloseHandle
WinExec
GetLastError
lstrlenW
Sleep
WideCharToMultiByte
FileTimeToLocalFileTime
GetDiskFreeSpaceW
GetFileTime
FreeEnvironmentStringsW

user32

GetNextDlgGroupItem
UnregisterClassA
EndPaint
BeginPaint
WindowFromPoint
SetWindowTextW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetClassLongW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
GetMenuState
GetMenuStringW
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
DrawFrameControl
SetRectEmpty
UnionRect
GetCapture
DrawIconEx
MessageBoxW
GetCaretPos
InvalidateRgn
SetCursorPos
IsClipboardFormatAvailable
GetClipboardData
GetSystemMenu
SetParent
wsprintfW
InflateRect
GetDCEx
GetSysColorBrush
EndDeferWindowPos
GetWindow
IsRectEmpty
IsChild
GetMessageW
TranslateMessage
PostThreadMessageW
DispatchMessageW
DrawIcon
IsZoomed
DeleteMenu
SetMenu
InsertMenuW
GetSystemMetrics
LoadStringW
EqualRect
CloseClipboard
OpenClipboard
GetSysColor
SetWindowRgn
RemovePropW
GetMenuItemID
GetSubMenu
ModifyMenuW
SetPropW
GetWindowLongW
SetWindowLongW
GetMenuItemCount
MapWindowPoints
GetPropW
CallWindowProcW
IsIconic
DestroyWindow
keybd_event
GetWindowDC
CallNextHookEx
SetFocus
GetKeyboardState
IsDialogMessageW
GetAsyncKeyState
GetClassNameW
SetWindowPos
ShowWindow
EnableScrollBar
SetWindowsHookExW
UnhookWindowsHookEx
MoveWindow
SetForegroundWindow
FindWindowW
SystemParametersInfoW
UpdateWindow
SetActiveWindow
GetFocus
LoadIconW
IsWindowVisible
GetKeyState
TabbedTextOutW
CopyAcceleratorTableW
CharNextW
DestroyIcon
UnregisterClassW
MessageBeep
DrawFocusRect
LockWindowUpdate
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
DrawTextExW
GrayStringW
IsWindow
PostMessageW
CharUpperW
UnpackDDElParam
ReuseDDElParam
LoadMenuW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
GetMenuItemInfoW
ValidateRect
DrawTextW
SetLayeredWindowAttributes
GetWindowRect
FillRect
LoadImageW
SetCapture
OffsetRect
ReleaseDC
GetDlgItem
GetDesktopWindow
FrameRect
ReleaseCapture
GetDC
SetRect
SetClassLongW
CopyRect
ScreenToClient
PtInRect
CreateWindowExW
RedrawWindow
LoadBitmapW
ClientToScreen
SetCursor
SetTimer
KillTimer
LoadCursorW
GetClientRect
GetParent
AppendMenuW
EnableMenuItem
GetCursorPos
CreatePopupMenu
EnableWindow
InvalidateRect
SendMessageW
BeginDeferWindowPos

gdi32

SelectClipRgn
GetViewportExtEx
GetWindowExtEx
StartDocW
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
SetRectRgn
CombineRgn
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
Ellipse
UnrealizeObject
GetRgnBox
LPtoDP
DPtoLP
PatBlt
EnumFontFamiliesW
CreateRectRgn
MoveToEx
LineTo
IntersectClipRect
SetMapMode
SetROP2
RestoreDC
SaveDC
GetClipBox
CreateRectRgnIndirect
CreateBitmap
CreateDCW
GetBkColor
CreateCompatibleBitmap
GetCharABCWidthsFloatW
SetBkColor
GetPixel
GetTextMetricsW
ExcludeClipRect
Rectangle
CreateRoundRectRgn
CreatePen
RoundRect
GetTextColor
StretchBlt
CreateEllipticRgn
PtInRegion
RectInRegion
GetStockObject
GetMapMode
PtVisible
Escape
RectVisible
TextOutW
SetBkMode
GetTextExtentPoint32W
SetBrushOrgEx
ExtTextOutW
CreateFontW
GetObjectW
CreatePatternBrush
CreateSolidBrush
CreateFontIndirectW
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
SetTextColor

comdlg32

GetFileTitleW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
IsTextUnicode
RegOpenKeyW
RegSetValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

DragFinish
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
DragAcceptFiles
DragQueryFileW
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
ExtractIconW
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
StrToIntW
PathRemoveFileSpecA
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
UrlUnescapeW

oledlg

OleUIBusyW

ole32

CoCreateGuid
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VarUdateFromDate
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipDeletePen
GdipSetStringFormatLineAlign
GdipDrawImageRect
GdipDrawLineI
GdipGetImageWidth
GdipCreatePen1
GdipDeleteStringFormat
GdipSetPathGradientCenterColor
GdipSetImageAttributesColorMatrix
GdipSetPathGradientSurroundColorsWithCount
GdipCreatePathGradientFromPath
GdipSetStringFormatAlign
GdipGetPathGradientPointCount
GdipDrawArcI
GdipAddPathEllipse
GdipDeletePath
GdipFillEllipse
GdipCreatePath
GdipDrawImageRectRectI
GdipDrawEllipse
GdipSetPenColor
GdipSetPenWidth
GdipDrawRectangle
GdipFillRectangle
GdipSetSolidFillColor
GdipSetPenDashStyle
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatFlags
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipCloneImage
GdipDrawRectangleI
GdipTranslateTextureTransform
GdipCreateTexture
GdipGetImageType
GdipDrawLine
GdipTranslateMatrix
GdipCreateMatrix2
GdipRotateWorldTransform
GdipResetWorldTransform
GdipRotateMatrix
GdipTranslateWorldTransform
GdipDrawCurveI
GdipTransformMatrixPoints
GdipDeleteMatrix
GdipFillEllipseI
GdipLoadImageFromStream
GdipDrawEllipseI
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateImageAttributes
GdipCreatePen2
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDisposeImage
GdipAlloc
GdipDisposeImageAttributes
GdipDrawImageI
GdipCreateSolidFill
GdipDeleteFontFamily
GdipSetSmoothingMode
GdipGraphicsClear
GdipLoadImageFromFile
GdipSetImageAttributesWrapMode
GdipDrawImageRectI
GdipDeleteGraphics
GdipDeleteFont
GdipMeasureString
GdipGetImageHeight
GdipCloneBrush
GdipFree
GdipDeleteBrush
GdipDrawImageRectRect
GdipFillRectangleI
GdipCreateStringFormat
GdipSaveImageToFile

iphlpapi

GetTcpTable
GetUdpTable
GetAdaptersAddresses

imm32

ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW

pdh

PdhOpenQueryW
PdhAddCounterW
PdhCloseQuery
PdhLookupPerfNameByIndexW
PdhRemoveCounter

ws2_32

connect
inet_addr
setsockopt
recv
shutdown
recvfrom
htonl
htons
ntohs
sendto
socket
closesocket
send
listen
WSAIoctl
gethostbyname
bind
WSAAccept
WSASocketW
WSARecv
gethostname
ntohl
inet_ntoa
WSAGetLastError
WSACleanup
accept
WSAStartup

wininet

HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

9ca478683ae0af2fe0a94492783d4012

Headers

File Characteristics

Imports

packet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

iphlpapi

imm32

pdh

ws2_32

wininet

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 336KB - Virtual size: 335KB

.data Size: 28KB - Virtual size: 59KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text Size: 512B - Virtual size: 452B

.idata Size: 15KB - Virtual size: 14KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 336KB - Virtual size: 335KB

.data
Size: 28KB - Virtual size: 59KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 512B - Virtual size: 452B

.idata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB