114ed19cf027d9921bab4fcfe91701e98462d8fa4b69a639661a8972401228e7

Sharing

Copy URL

Twitter E-mail

General

Target

114ed19cf027d9921bab4fcfe91701e98462d8fa4b69a639661a8972401228e7
Size

15.5MB
MD5

0b87b4fbdbd1d375774709fb74edeb39
SHA1

32354f3ac36c178c3eb78cafff67c6b4f507220a
SHA256

114ed19cf027d9921bab4fcfe91701e98462d8fa4b69a639661a8972401228e7
SHA512

a6c6802912f40ec0a723e8d792c8091e8ed20173c08e2b2abcffc6f55490928ad9ad4d356cc7015fbfb96af718166f89f5fd3041a8775d310bea76535058ae8a
SSDEEP

393216:/QmT1xtNUOU7uvPKqNNhuimQaGtrlU14YapEBYDvM:/QUxtuVi+QaGtrHEB2vM

Score

9^/10

oss_ak

Malware Config

Signatures

detect oss ak 1 IoCs

oss ak information detected.

oss_ak

resource	yara_rule
static1/unpack001/CodeTest-main/payload_html/wget.exe	detect_ak_stuff

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CodeTest-main/payload_html/npc.exe
unpack001/CodeTest-main/payload_html/wget.exe

Files

114ed19cf027d9921bab4fcfe91701e98462d8fa4b69a639661a8972401228e7
.zip
CodeTest-main/ClassCongregation.py
CodeTest-main/CodeTest.bat
.bat .vbs
CodeTest-main/CodeTest.pyw
.js
CodeTest-main/EXP/ALL.py
CodeTest-main/EXP/ApacheShiro.py
CodeTest-main/EXP/ApacheSolr.py
CodeTest-main/EXP/ApacheTomcat.py
.py .js
CodeTest-main/EXP/FineReport.py
CodeTest-main/EXP/LandrayOA.py
CodeTest-main/EXP/PHPStudy.py
CodeTest-main/EXP/WindowsSMBv3.py
.py .js
CodeTest-main/POC/ByPass403.py
CodeTest-main/POC/ByWAF_Mysql.py
CodeTest-main/POC/Editor_vul.py
CodeTest-main/POC/FOFA.py
CodeTest-main/POC/GetCMS.py
CodeTest-main/POC/GoogleHacking.py
CodeTest-main/POC/IIS_MS15-034_Range_bytes.py
CodeTest-main/POC/IIS_shortname_Scan.py
.py .sh linux
CodeTest-main/POC/JSFinder.py
.py .sh linux
CodeTest-main/POC/JSencode.py
CodeTest-main/POC/LinkFinder.py
.py .sh linux
CodeTest-main/POC/Nginx_iis_scan.py
.py .sh linux
CodeTest-main/POC/Scan_zip.py
CodeTest-main/POC/ThinkphpVersion.py
CodeTest-main/POC/URL_getTitle.py
CodeTest-main/POC/Weblogic_GIOP.py
.sh .js linux
CodeTest-main/POC/Weblogic_T3.py
.sh .js linux
CodeTest-main/POC/js_examples/enpassword.js
.js
CodeTest-main/POC/js_examples/md5.js
.js
CodeTest-main/POC/js_examples/top100password.txt
CodeTest-main/POC/xcdn.py
CodeTest-main/POC/模板.py
CodeTest-main/Proxy/WebRequest.py
CodeTest-main/Proxy/handler/__init__.py
CodeTest-main/Proxy/handler/__pycache__/__init__.cpython-37.pyc
CodeTest-main/Proxy/handler/__pycache__/configHandler.cpython-37.pyc
CodeTest-main/Proxy/handler/__pycache__/logHandler.cpython-37.pyc
.vbs
CodeTest-main/Proxy/handler/__pycache__/proxyHandler.cpython-37.pyc
CodeTest-main/Proxy/handler/configHandler.py
CodeTest-main/Proxy/handler/logHandler.py
.py .vbs
CodeTest-main/Proxy/handler/proxyHandler.py
.py .js
CodeTest-main/Proxy/helper/__pycache__/__init__.cpython-37.pyc
CodeTest-main/Proxy/helper/__pycache__/check.cpython-37.pyc
CodeTest-main/Proxy/helper/__pycache__/proxy.cpython-37.pyc
CodeTest-main/Proxy/helper/__pycache__/validator.cpython-37.pyc
CodeTest-main/Proxy/helper/check.py
CodeTest-main/Proxy/helper/fetch.py
CodeTest-main/Proxy/helper/proxy.py
CodeTest-main/Proxy/helper/validator.py
CodeTest-main/Proxy/ips.txt
CodeTest-main/Proxy/proxyFetcher.py
CodeTest-main/Proxy/proxySetting.py
CodeTest-main/Proxy/sqlmap_auto_proxy.bat
CodeTest-main/Proxy/sqlmap_auto_proxy.py
.py .js
CodeTest-main/Proxy/util/__init__.py
CodeTest-main/Proxy/util/lazyProperty.py
CodeTest-main/Proxy/util/singleton.py
CodeTest-main/Proxy/util/six.py
CodeTest-main/README.md
CodeTest-main/Template/EXP.j2
CodeTest-main/Template/POC.j2
CodeTest-main/data/bool_blind.xml
CodeTest-main/data/error.xml
.xml
CodeTest-main/data/time_blind.xml
.xml
CodeTest-main/execScripts/Caidao_cmd.jsp
CodeTest-main/execScripts/Caidao_shell.asp
CodeTest-main/execScripts/Caidao_shell.aspx
.asp
CodeTest-main/execScripts/Caidao_shell.php
CodeTest-main/img/1.png
.png
CodeTest-main/img/2.png
.png
CodeTest-main/lib/green.png
.png
CodeTest-main/lib/note.txt
CodeTest-main/lib/red.png
.png
CodeTest-main/payload_html/Ueditor/Ueditor.html
CodeTest-main/payload_html/Ueditor/ueditor.png
.png
CodeTest-main/payload_html/chrome_payload.html
.html .js
CodeTest-main/payload_html/key.sh
.sh linux
CodeTest-main/payload_html/kindeditor.html
.html .js
CodeTest-main/payload_html/npc
.elf linux x64
CodeTest-main/payload_html/npc.exe
.exe windows:6 windows x64 arch:x64

f42ff1ef15a23ca4dd23d78dc0962f09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
QueryFullProcessImageNameA
ProcessIdToSessionId
PostQueuedCompletionStatus
OpenProcess
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 482KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeTest-main/payload_html/nps
.elf linux aarch64
CodeTest-main/payload_html/wget.exe
.exe windows:4 windows x64 arch:x64

077fd1a1b4680f424e9219486bb6f752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
GetUserNameW
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceW
ReportEventW

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

kernel32

AddVectoredExceptionHandler
CloseHandle
ConvertFiberToThread
ConvertThreadToFiber
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkA
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeInfo
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadLocale
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersion
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryA
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OpenProcess
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTitleA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnlockFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__argv
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_chdir
_chmod
_close
_commode
_dup
_dup2
_endthreadex
_environ
_errno
_exit
_fdopen
_filelengthi64
_fileno
_findclose
_findfirst64
_findnext64
_fmode
_fstat64
_fullpath
_get_osfhandle
_getch
_getcwd
_getmaxstdio
_getmbcp
_getpid
_gmtime64
_initterm
_isatty
_isctype
_localtime64
_lock
_lseeki64
_mkdir
_mkgmtime64
_onexit
_open
_open_osfhandle
_pipe
_putenv
_read
_setjmp
_setmaxstdio
_setmode
_stat64
_strdup
_stricmp
_strnicmp
_sys_errlist
_sys_nerr
_telli64
_time64
_ultoa
_unlink
_unlock
_vscprintf
_vsnprintf
_vsnwprintf
_waccess
_wfopen
_wopen
_write
abort
atoi
bsearch
calloc
clearerr
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
puts
qsort
raise
rand
realloc
rename
rewind
setbuf
setlocale
setvbuf
signal
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tmpfile
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsstr
wcstombs
longjmp
_write
_strnicmp
_strdup
_setmode
_read
_putenv
_open
_lseek
_isatty
_getpid
_fileno
_dup
_close
_access
_stricmp

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

shell32

SHGetSpecialFolderPathW

user32

DispatchMessageA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage

ws2_32

WSAAddressToStringA
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketW
WSAStartup
WSAStringToAddressW
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CodeTest-main/python.ico
CodeTest-main/requirements.txt
CodeTest-main/settings.py
CodeTest-main/util/ExpRequest.py
CodeTest-main/util/globalvar.py
.py .sh linux

Sharing

General

Malware Config

Signatures

Files

f42ff1ef15a23ca4dd23d78dc0962f09

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 5.9MB - Virtual size: 5.9MB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 482KB - Virtual size: 731KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 238KB - Virtual size: 237KB

.symtab Size: 512B - Virtual size: 4B

077fd1a1b4680f424e9219486bb6f752

Headers

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

ole32

shell32

user32

ws2_32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.data Size: 52KB - Virtual size: 51KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 122KB - Virtual size: 121KB

.xdata Size: 106KB - Virtual size: 106KB

.bss Size: - Virtual size: 81KB

.idata Size: 15KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

/4 Size: 512B - Virtual size: 20B

.text
Size: 5.9MB - Virtual size: 5.9MB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 482KB - Virtual size: 731KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 238KB - Virtual size: 237KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 52KB - Virtual size: 51KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 122KB - Virtual size: 121KB

.xdata
Size: 106KB - Virtual size: 106KB

.bss
Size: - Virtual size: 81KB

.idata
Size: 15KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 512B - Virtual size: 20B