Behavioral task
behavioral1
Sample
reverse.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
reverse.exe
Resource
win10v2004-20230915-en
General
-
Target
reverse.exe
-
Size
7KB
-
MD5
90e832e57160a5b183ab2b6d5fda23da
-
SHA1
908b9e1eaee9c88c477668130d1b865a266d537a
-
SHA256
9faea2f5001c02cc204085851174235198ff50e91daaecc8d1976d363d3b1f2b
-
SHA512
af8e15801f20a215139f21daf2451b7ec074abd6ed4e10606f493bed280392e1ad93d2a0dbef80cbe511f727f5acd58ddb9b2e7e35a1ab70dcb639d36cf73f8f
-
SSDEEP
24:eFGStrJ9u0/6OlwnnZdkBQAVoaOx+JKZq/GeNDMSCvOXpmB:is0hwDkBQVXx+JtGSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
10.0.2.15:4444
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource reverse.exe
Files
-
reverse.exe.exe windows:4 windows x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pmfm Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE