metasploit | MicrosoftSfx[.]exe

General

Target

MicrosoftSfx.exe
Size

15KB
MD5

2a8002b9e97b360dd6da4787e1ef36d2
SHA1

51edc69030862c811f2332981d287b3e81ff54ba
SHA256

b09f66bc5b86ff80abf219b18d34dc8b758a7ad6368b223b1bb95241f4ffa79d
SHA512

5cb68a2f23d53c64cfd95ee1f94b51fb8b9ab2002c71da49041fad1ad5aaa7bc30676ed83258d22a6975ee2d8a046b9a489971f43fdeedfe8f13b61d38c13902
SSDEEP

96:5NfJy39aafjEPQYi3K1DntAfdomPdHWsyz7w7b:hu9aabWQYQK5YouI1s7b

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

74.207.240.21:9289

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MicrosoftSfx.exe

Files

MicrosoftSfx.exe
.exe windows x86

b093b9b6223af7f9e72d34d8765aa77f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateProcessA
ExitProcess
GetThreadContext
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory

msvcrt

memset

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

b093b9b6223af7f9e72d34d8765aa77f

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 28B

.bss Size: - Virtual size: 48B

.idata Size: 1024B - Virtual size: 548B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 28B

.bss
Size: - Virtual size: 48B

.idata
Size: 1024B - Virtual size: 548B