metasploit | 49b8deb93a8ec084dadcc001c94efc5f6e19e69f6a3cd6501e794c61d9340b68

Sharing

Copy URL Twitter E-mail

General

Target

49b8deb93a8ec084dadcc001c94efc5f6e19e69f6a3cd6501e794c61d9340b68
Size

209KB
MD5

896587797daac8413d0a7ecfa71dcc8a
SHA1

66fbd2f20f9c2afd99a016ab0cfd9c5873749eff
SHA256

49b8deb93a8ec084dadcc001c94efc5f6e19e69f6a3cd6501e794c61d9340b68
SHA512

b606fe3886059fc31d2961ab0b7eb9ed4bad288fe9fbb2e81e8d09c361eb394ea33b881fce2e26b1acecb597925f717d66fca28b261e0a388c255b32749bc1ae
SSDEEP

3072:tw2Z0Ecnn5QADcA5rvjmvvthUKFBtpmfWqZvZuJWNGuAg0FujT+9kLwc5Q:tw2ZzK1ccTjmvvtKKvCZvfAOJLR

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://192.168.1.62:8442/1dnY

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49b8deb93a8ec084dadcc001c94efc5f6e19e69f6a3cd6501e794c61d9340b68

Files

49b8deb93a8ec084dadcc001c94efc5f6e19e69f6a3cd6501e794c61d9340b68
.exe windows:6 windows x86

ef2c0b7312c0a6cfa32d35aa8f29e298

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
WriteFile
VirtualAlloc
GetCurrentDirectoryA
FreeResource
CreateToolhelp32Snapshot
GetFileAttributesA
Process32NextW
CreateFileA
LockResource
Process32FirstW
CloseHandle
LoadResource
FindResourceW
SetFileAttributesA
GetModuleHandleW
CreateProcessA
CreateFileW
HeapSize
GetProcessHeap
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
WaitForSingleObjectEx
Sleep
GetExitCodeThread
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
RtlUnwind
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW

shlwapi

StrCmpIW

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

ef2c0b7312c0a6cfa32d35aa8f29e298

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 7KB