metasploit | f024c8ef193a8b4e669f63678a597f09e3fbb5075aef32fd195a3e9087bd8cd1

Sharing

Copy URL

Twitter E-mail

General

Target

f024c8ef193a8b4e669f63678a597f09e3fbb5075aef32fd195a3e9087bd8cd1
Size

79KB
MD5

44670170cb48d73c83eff9e84792f7ba
SHA1

9798b104877a61420ee0a587a96c91c5d5c57c21
SHA256

f024c8ef193a8b4e669f63678a597f09e3fbb5075aef32fd195a3e9087bd8cd1
SHA512

dd67c6cff4fc6aeb451d8f0f82132a10220982eb3b9748b3f5e1b70b13abfb517723219d1d4c61f165dfe55962ae58a820b1d19fc74ced3fb404a04317144453
SSDEEP

768:JyqvhnQXTtpYIt9Jmyyqagq3rOCtwIyTCbxEknIu0RSyw4mS:JbmzYByZagqvtwIyTCbtnF8qS

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://47.99.129.229:8888/ipR1

Attributes

headers User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f024c8ef193a8b4e669f63678a597f09e3fbb5075aef32fd195a3e9087bd8cd1

Files

f024c8ef193a8b4e669f63678a597f09e3fbb5075aef32fd195a3e9087bd8cd1
.dll windows:4 windows x86

d67554e83d11af66affca51e11094cbd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapCreate
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
free
fwrite
malloc
strlen
strncmp
vfprintf

user32

MessageBoxA

Exports

Exports

HelloWorld
shell_code

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d67554e83d11af66affca51e11094cbd

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 24B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 1KB

.edata Size: 512B - Virtual size: 95B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 500B

/4 Size: 512B - Virtual size: 472B

/19 Size: 30KB - Virtual size: 29KB

/31 Size: 5KB - Virtual size: 4KB

/45 Size: 4KB - Virtual size: 4KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 512B - Virtual size: 272B

/81 Size: 3KB - Virtual size: 3KB

/92 Size: 1024B - Virtual size: 552B

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 24B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 95B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 500B

/4
Size: 512B - Virtual size: 472B

/19
Size: 30KB - Virtual size: 29KB

/31
Size: 5KB - Virtual size: 4KB

/45
Size: 4KB - Virtual size: 4KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 512B - Virtual size: 272B

/81
Size: 3KB - Virtual size: 3KB

/92
Size: 1024B - Virtual size: 552B