metasploit | 1d5862df9c22747bbf35ac4b46bd98151abc4a85b44dcc753d254b95e1da9afe

Sharing

Copy URL Twitter E-mail

General

Target

1d5862df9c22747bbf35ac4b46bd98151abc4a85b44dcc753d254b95e1da9afe
Size

41KB
MD5

a18a9fc49a11fd61dad7f5d0d03deca9
SHA1

8f82bf85aee2bec5d4d356674d6c54d73a837f6a
SHA256

1d5862df9c22747bbf35ac4b46bd98151abc4a85b44dcc753d254b95e1da9afe
SHA512

9bfcc732122d272e3eb0b18f038a7b6119a6c1fbcd8866d78115d033b40bb1bff79915f80e79138bcaf59be1311983cd42429589fa07b12845d37943e3b84fdc
SSDEEP

384:8fi5YOVnapDIcbbctdZkgkzop/LaxsOYoEB0vjhVisYpezkK1vuD2lh:6iiinVcbIJkzC/ec0v9PYpuFvuD

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.16.130:3333

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d5862df9c22747bbf35ac4b46bd98151abc4a85b44dcc753d254b95e1da9afe

Files

1d5862df9c22747bbf35ac4b46bd98151abc4a85b44dcc753d254b95e1da9afe
.exe windows:6 windows x86

547aaeea6fc503825d3c6e7494e013e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Sleep
GetCurrentProcessId
OpenProcess
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount64
VirtualAlloc
GetModuleHandleW
GetProcAddress
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
GetCurrentThreadId
FreeLibrary

user32

CharUpperW

vcruntime140d

memcpy
memset
__std_type_info_destroy_list
_except_handler4_common
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
wcsstr

ucrtbased

_configthreadlocale
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm
_c_exit
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_get_initial_narrow_environment
__setusermatherr
_set_app_type
_seh_filter_exe
_CrtDbgReportW
_CrtDbgReport
__stdio_common_vfprintf
__acrt_iob_func
_register_thread_local_exe_atexit_callback
_cexit
_configure_narrow_argv
__p___argc
_set_fmode
_exit
exit
_controlfp_s
_initterm_e
_crt_at_quick_exit
_initialize_narrow_environment
__p___argv

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

547aaeea6fc503825d3c6e7494e013e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.msvcjmc Size: 512B - Virtual size: 325B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.msvcjmc
Size: 512B - Virtual size: 325B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB