metasploit | d0e236ae04146ae16bad95c3a39bdfb3dbffc28f0d46a0fcf4e8f6cf3dea8199

Sharing

Copy URL Twitter E-mail

General

Target

d0e236ae04146ae16bad95c3a39bdfb3dbffc28f0d46a0fcf4e8f6cf3dea8199
Size

41KB
MD5

d6b6b6d2d8b9cde48da57e83b3cb1672
SHA1

36a716248d65e7bce3d5d1543f7fb0e8468ae6d9
SHA256

d0e236ae04146ae16bad95c3a39bdfb3dbffc28f0d46a0fcf4e8f6cf3dea8199
SHA512

5b72a125772925d701a2ee02763fdc9be366a19a8bb1879c8d2f962b4a3fd3d252fd0656a9698f6263a4161480a05d0472fe086221f9f706722545df238e1e89
SSDEEP

768:j19oagrkdFkyZ6bKKCv9PYpDVugu9vuDIu:jD/grkdF+b1CvRYpD2/

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.16.130:3333

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0e236ae04146ae16bad95c3a39bdfb3dbffc28f0d46a0fcf4e8f6cf3dea8199

Files

d0e236ae04146ae16bad95c3a39bdfb3dbffc28f0d46a0fcf4e8f6cf3dea8199
.exe windows:6 windows x86

fe5fdfada7746b09c892da30eaab4f7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Sleep
GetCurrentProcessId
OpenProcess
GetTickCount64
VirtualAlloc
GetModuleHandleW
GetProcAddress
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
GetCurrentThreadId
FreeLibrary

user32

CharUpperW

vcruntime140d

memcpy
memset
__std_type_info_destroy_list
_except_handler4_common
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
wcsstr

ucrtbased

_configthreadlocale
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm
_c_exit
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_get_initial_narrow_environment
__setusermatherr
_set_app_type
_seh_filter_exe
_CrtDbgReportW
_CrtDbgReport
__stdio_common_vfprintf
__acrt_iob_func
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
__p___argv
__p___argc
_set_fmode
_exit
exit
_controlfp_s
_initterm_e
_crt_at_quick_exit
_initialize_narrow_environment
_cexit

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

fe5fdfada7746b09c892da30eaab4f7a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.msvcjmc Size: 512B - Virtual size: 325B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.msvcjmc
Size: 512B - Virtual size: 325B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB