ext_server_peinjector[.]x64[.]dll

General

Target

ext_server_peinjector.x64.dll
Size

58KB
MD5

0e73108969df6c4bf117e3f216f2a3c5
SHA1

9a6faa4ae9167c98b49869e0785c68134959393a
SHA256

7e28e3a335c8168bb3e788af045b0bda929e6b334b996017cd20c7b8cc1f2370
SHA512

a76d9933a3218e79764570e0f9512e82b66f2bd009787bc53691c492f1f6de028edecf884e1a1715b8456d616069d20730f7a3320a6b3aed0588ad4b92e914b8
SSDEEP

1536:Nds3AIdIQcbXtF/0nr9wj7SdCGsiiNeFANPA:77i1cbbMr9wjedCGsheq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded/lib/ruby/gems/3.0.0/gems/metasploit-payloads-2.0.87/data/meterpreter/ext_server_peinjector.x64.dll

Files

ext_server_peinjector.x64.dll
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1159581898-2029943322-2268025737-2727/$RNC412D/embedded/lib/ruby/gems/3.0.0/gems/metasploit-payloads-2.0.87/data/meterpreter/ext_server_peinjector.x64.dll
.dll windows x64

Password: S@ndb0x!2023@@

47f6a2fe36ea92d0f327671ddb1f3148

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
WaitForSingleObject
WriteFile
CreateMutexA
CreateFileW
ReadFile
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
CloseHandle
RtlUnwindEx
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WideCharToMultiByte
GetConsoleCP
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
SetLastError
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetStdHandle
FlushFileBuffers
WriteConsoleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetStringTypeW
SetEndOfFile
HeapSize
LCMapStringW

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

47f6a2fe36ea92d0f327671ddb1f3148

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB