metasploit | 2c62819a9eaef93aa5b94fa221ab09493d587ac50c136edfd5da8743c6213a3c

Sharing

Copy URL Twitter E-mail

General

Target

2c62819a9eaef93aa5b94fa221ab09493d587ac50c136edfd5da8743c6213a3c
Size

32KB
MD5

fc1b1164314d303fd6dd91b05a5d9ff3
SHA1

98803a9701bd8cc60e5fd2c925d6b44e34f49f8a
SHA256

2c62819a9eaef93aa5b94fa221ab09493d587ac50c136edfd5da8743c6213a3c
SHA512

99e7647be800bafb1dfa9368aeecca3fddd4c385375f3368edc393fc2e4d8e8e48be06079a0f687df0ea789a46aacdc887a99c442c34ec5d38e6eaee70d350f6
SSDEEP

384:JrzO8C+J+fMJCn1Qy5wd+OdE96v7wUbRmbSXS2xCtbCK:JO8O1t7ZQ8UMdj

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://192.168.8.154:443/J7lo

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c62819a9eaef93aa5b94fa221ab09493d587ac50c136edfd5da8743c6213a3c

Files

2c62819a9eaef93aa5b94fa221ab09493d587ac50c136edfd5da8743c6213a3c
.exe windows:5 windows x86

a59699a5cd8d664c36a602e3e5f70af7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90d

_unlock
__dllonexit
_invoke_watson
_onexit
_decode_pointer
_except_handler4_common
_controlfp_s
?terminate@@YAXXZ
_crt_debugger_hook
_initterm_e
_initterm
_CrtDbgReportW
_CrtSetCheckCount
__initenv
exit
_cexit
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_CRT_RTC_INITW
printf
memset
_lock
strlen

kernel32

VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetProcAddress
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
DebugBreak
RaiseException
IsDebuggerPresent
InterlockedCompareExchange
Sleep
InterlockedExchange
FreeLibrary

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

a59699a5cd8d664c36a602e3e5f70af7

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90d

kernel32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB