metasploit | 93d3bafff27fa643b93ffdc12cad35d90a02020f4e99a5dfa725ef71342e0be7

Sharing

Copy URL Twitter E-mail

General

Target

93d3bafff27fa643b93ffdc12cad35d90a02020f4e99a5dfa725ef71342e0be7
Size

42KB
MD5

e45f452b9b84193f2b073c385bbb104e
SHA1

9033818ffdbb0e4512a18229c9059ea0c3573d5f
SHA256

93d3bafff27fa643b93ffdc12cad35d90a02020f4e99a5dfa725ef71342e0be7
SHA512

e08847a76f63066435679948494e9419a35465c9613dce914176f7abe2cff99a1fd4329d4cf35acf23aedc6a31939b6e7110d34198bb79f18bfdf2c72d01b0f2
SSDEEP

384:kOUP2PwuuVAz82RIA/jCG212GHisYpE6bYxajOGEgu:2P24ZkRIAbb212GNYpPkx6jT

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://47.116.113.9:8887/PfVP

Attributes

headers User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93d3bafff27fa643b93ffdc12cad35d90a02020f4e99a5dfa725ef71342e0be7

Files

93d3bafff27fa643b93ffdc12cad35d90a02020f4e99a5dfa725ef71342e0be7
.exe windows:6 windows x86

471109d6dd7a0282ea28ea7b22544f24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadIconW
LoadCursorW
EndPaint
BeginPaint
UpdateWindow
TranslateAcceleratorW
LoadAcceleratorsW
EndDialog
DialogBoxParamW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW

msvcr120d

__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_CrtDbgReportW
_CrtSetCheckCount
_XcptFilter
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_dbg
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
wcscpy_s
_wmakepath_s
_wsplitpath_s
_CRT_RTC_INITW
exit

kernel32

GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
GetProcAddress
GetLastError
RaiseException
EncodePointer
IsDebuggerPresent

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

471109d6dd7a0282ea28ea7b22544f24

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcr120d

kernel32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 17KB - Virtual size: 16KB

.bss Size: - Virtual size: 1KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 1KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB