metasploit | 0d509277813a1dac3ca8ca277ae13aa8a4c933721a1fd05ed06359a4decd6380 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d509277813a1dac3ca8ca277ae13aa8a4c933721a1fd05ed06359a4decd6380
Size

16KB
MD5

a5b73d60f3cde04f9674cd195b0645de
SHA1

9f3e4a0a6f0a03227ed5cc309f2ac610d1996524
SHA256

0d509277813a1dac3ca8ca277ae13aa8a4c933721a1fd05ed06359a4decd6380
SHA512

bda7ff99c5fe4c75316cc3a32c7f8efaaedd2782796e37cb75ef07b84a234f8cc79edb466b02939073b355db336b181b2321ff0c9a732df9186fdbdeb05f8771
SSDEEP

96:/lxInDdrRKe0kGRmlFwfqvWbWNLsJmRhhTU58DusqimJgwAmf2:/TkhIDkymDCqv2W5sJmnhTOf

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

10.71.36.240:9876

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d509277813a1dac3ca8ca277ae13aa8a4c933721a1fd05ed06359a4decd6380

Files

0d509277813a1dac3ca8ca277ae13aa8a4c933721a1fd05ed06359a4decd6380
.exe windows:4 windows x86

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ