metasploit | 98d4ba0b1cd7993ffead0d6988d9dae9f73a84aeb477aefd024b1ea95a0870ea

Sharing

Copy URL Twitter E-mail

General

Target

98d4ba0b1cd7993ffead0d6988d9dae9f73a84aeb477aefd024b1ea95a0870ea
Size

237KB
MD5

4fcdb1d6051544d9d48d4ccef2ce4d76
SHA1

1d7408dec1c721b34fbb8a5b43492ed6f2c6c4ac
SHA256

98d4ba0b1cd7993ffead0d6988d9dae9f73a84aeb477aefd024b1ea95a0870ea
SHA512

31a8259e2f9b36ff264ff731319782844c0df8289c406af219b7b4e34c4205877d81f7fe8b8de11ec2f2ee37cf83748d14fcf5ed553af33d2ff8a58bf4251b42
SSDEEP

3072:hsahYX91iSrjHB2yMn037XzK3L3ZsWCBW8TPKbCVaZiDy6xz:qvX9Jh9M8XzuL3OW+amQIDye

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

10.10.2.238:11111

Signatures

Metasploit family
metasploit

Files

98d4ba0b1cd7993ffead0d6988d9dae9f73a84aeb477aefd024b1ea95a0870ea
.exe windows x86

36ad2ed9073d07ce66d2c924cdf9484d

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:44:51:73:96:6b:1c:10:b2:45:f4:73:a3:68:79:b1:fb:bd:89:d8:e8:82:17:bf:11:7a:e9:bc:73:3e:9a:64
Signer

Actual PE Digest

5c:44:51:73:96:6b:1c:10:b2:45:f4:73:a3:68:79:b1:fb:bd:89:d8:e8:82:17:bf:11:7a:e9:bc:73:3e:9a:64

Digest Algorithm

sha256

PE Digest Matches

false

71:7c:d1:c0:56:49:db:2c:e0:15:ac:c7:81:90:3d:0f:08:c0:72:9f
Signer

Actual PE Digest

71:7c:d1:c0:56:49:db:2c:e0:15:ac:c7:81:90:3d:0f:08:c0:72:9f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
GetFileSize
DeleteCriticalSection
GetProcessHeap
SizeofResource
HeapCreate
WritePrivateProfileStringW
SetLastError
GetCurrentProcess
DeviceIoControl
TerminateProcess
GetModuleFileNameW
VirtualUnlock
WaitForSingleObject
GetCurrentThreadId
GetVersionExW
UnmapViewOfFile
SetCurrentDirectoryA
CreateEventW
MultiByteToWideChar
GetPrivateProfileStringW
CreateFileA
SetEvent
LoadLibraryA
WaitForSingleObjectEx
LockResource
ReadFileEx
LoadLibraryW
FindResourceExW
ResetEvent
LoadResource
GetLastError
VirtualLock
GetProcAddress
FreeLibrary
WideCharToMultiByte
SetProcessWorkingSetSize
CreateFileMappingW
MapViewOfFile
GetTickCount
GetCurrentThread
GetModuleHandleW
VirtualProtect
VirtualFree
InterlockedCompareExchange
VirtualAlloc
SuspendThread
ResumeThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapSize
CreateFileW
SetFilePointer
InitializeCriticalSectionAndSpinCount
HeapFree
FindResourceW
ReadFile

user32

SendMessageTimeoutW
PostThreadMessageW
FindWindowW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CertCreateCertificateContext
CryptMsgGetParam
CertGetNameStringW
CryptQueryObject

msvcp140

?_Xlength_error@std@@YAXPBD@Z

shlwapi

PathCombineW
PathCombineA
PathFileExistsW

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
_except_handler4_common
wcsrchr
__std_terminate
__CxxFrameHandler3
_local_unwind4
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_invalid_parameter_noinfo_noreturn
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_initialize_onexit_table
terminate
_controlfp_s
_invalid_parameter_noinfo
_beginthreadex
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__p__commode
_set_fmode
__stdio_common_vswprintf_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

wcscpy_s
wmemcpy_s
strcpy_s
_wcsicmp
_wcsnicmp
wcsnlen

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dtc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dtd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

36ad2ed9073d07ce66d2c924cdf9484d

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5c:44:51:73:96:6b:1c:10:b2:45:f4:73:a3:68:79:b1:fb:bd:89:d8:e8:82:17:bf:11:7a:e9:bc:73:3e:9a:64Signer

71:7c:d1:c0:56:49:db:2c:e0:15:ac:c7:81:90:3d:0f:08:c0:72:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

wintrust

crypt32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 1KB

.dtc Size: 4KB - Virtual size: 4KB

.dtd Size: 512B - Virtual size: 12B

.rsrc Size: 169KB - Virtual size: 168KB

.reloc Size: 3KB - Virtual size: 3KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5c:44:51:73:96:6b:1c:10:b2:45:f4:73:a3:68:79:b1:fb:bd:89:d8:e8:82:17:bf:11:7a:e9:bc:73:3e:9a:64
Signer

71:7c:d1:c0:56:49:db:2c:e0:15:ac:c7:81:90:3d:0f:08:c0:72:9f
Signer

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.dtc
Size: 4KB - Virtual size: 4KB

.dtd
Size: 512B - Virtual size: 12B

.rsrc
Size: 169KB - Virtual size: 168KB

.reloc
Size: 3KB - Virtual size: 3KB