metasploit | f3125002f98787e885befa87cae281c8d5f573a30bb4fdfc724eb31c71515ec7

Sharing

Copy URL Twitter E-mail

General

Target

f3125002f98787e885befa87cae281c8d5f573a30bb4fdfc724eb31c71515ec7
Size

93KB
MD5

fb82318e783f349f265555896d33b732
SHA1

fea516159599c8088044c06d48e105a567c4e3d4
SHA256

f3125002f98787e885befa87cae281c8d5f573a30bb4fdfc724eb31c71515ec7
SHA512

6f3410b020933e85c7196dfa55645ddf3b071727c5496e66e9c450db813d9c4b261a5eeb7c7826e958adbe1cdf83cce7eb9c788dfd52fe9683df4a253ea5d8ec
SSDEEP

1536:bJdWMLHcHhmIKwtVPnZjo2OZxhK1cScSK:bJkML8HhoQVPZjo2O7hKk

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://8.130.30.84:7777/jqueryoZwEoRkjoz-3846123566.9899899.91798989.slim.min.js

Attributes

headers Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3125002f98787e885befa87cae281c8d5f573a30bb4fdfc724eb31c71515ec7

Files

f3125002f98787e885befa87cae281c8d5f573a30bb4fdfc724eb31c71515ec7
.exe windows:6 windows x86

6fdb0567ab3b040072af241963aa2b0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
GetCurrentThreadId
FreeLibrary

msvcp140d

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ

vcruntime140d

__vcrt_GetModuleHandleW
__CxxFrameHandler3
__std_type_info_destroy_list
__current_exception
_except_handler4_common
__current_exception_context
memset
__vcrt_LoadLibraryExW
__vcrt_GetModuleFileNameW

ucrtbased

_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_c_exit
_cexit
__p___argv
_set_fmode
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
_CrtDbgReportW
_CrtDbgReport
strlen
__stdio_common_vfprintf
__acrt_iob_func
_configthreadlocale
_seh_filter_dll
__p___argc

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 547B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

NewSec
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

6fdb0567ab3b040072af241963aa2b0a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140d

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.msvcjmc Size: 1024B - Virtual size: 547B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

NewSec Size: 39KB - Virtual size: 39KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.msvcjmc
Size: 1024B - Virtual size: 547B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

NewSec
Size: 39KB - Virtual size: 39KB