metasploit | c0922f9991b89f0d813b3ba6446083d9

General

Target

c0922f9991b89f0d813b3ba6446083d9
Size

58KB
MD5

c0922f9991b89f0d813b3ba6446083d9
SHA1

1fcc098745634000f69cee324bddc9523c42b0e4
SHA256

da595c58b0d93303e2fbe7cda97279c2c953b4a6326c212205076dcdb822241c
SHA512

cc157341217254ecaecce368c213bafc3337261c7a3daa8a68fd168ad88a3092096d5cf85cd648608364c70c957acaa9ea6e9dbaec8f40f2ed101a4ee5365665
SSDEEP

1536:JeZatcodBTWpZ5VkCf3EV2NGjjOr/86p2Rog:JRtcoUZbh/KshKog

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.1.7:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0922f9991b89f0d813b3ba6446083d9

Files

c0922f9991b89f0d813b3ba6446083d9
.exe windows:4 windows x86 arch:x86

9a07a268dfdfe636c092c15eecfb3042

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
GetLastError
CreateThread
CreatePipe
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
Sleep
ReadFile
PeekNamedPipe
WriteFile
GetStdHandle
FreeConsole
VirtualFree
VirtualAlloc
LCMapStringA
SetEndOfFile
LCMapStringW
CreateFileA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
HeapReAlloc
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetProcAddress
SetStdHandle
SetEnvironmentVariableA
SetFilePointer
CompareStringA
GetOEMCP
CompareStringW
GetCPInfo
GetEnvironmentStringsW
GetACP
HeapFree
HeapAlloc
CloseHandle
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
RtlUnwind
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar

wsock32

__WSAFDIsSet
getsockname
select
listen
WSASetLastError
recvfrom
accept
bind
socket
setsockopt
getservbyport
connect
htons
ioctlsocket
ntohs
getservbyname
gethostbyaddr
gethostbyname
inet_addr
WSACleanup
WSAGetLastError
WSAStartup
closesocket
recv
send

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

9a07a268dfdfe636c092c15eecfb3042

Headers

File Characteristics

Imports

kernel32

wsock32

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 15KB - Virtual size: 20KB

.idata Size: 2KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 15KB - Virtual size: 20KB

.idata
Size: 2KB - Virtual size: 1KB