metasploit | 150896e8cd3dc9e8446aac138c57573b

Sharing

Copy URL

Twitter E-mail

General

Target

150896e8cd3dc9e8446aac138c57573b
Size

381KB
MD5

150896e8cd3dc9e8446aac138c57573b
SHA1

9f71930b323bbcd6488f9276d9d5d678d582e094
SHA256

f94c7394d0e2554f5515ce64624c291177677d2c52ad4031665f4557796c1968
SHA512

30808271cd80ac739c70d3916082cbb5aade42b887dbde3970911e183a0c7325b8b813d022008ff730ad6e674db1691010a9eff3194e244e981e0697db22af74
SSDEEP

6144:09JHW/xyqktKWQ6zdLlaaM/OO5ji/JZQ+6K22s3tm+6xSFgOQkfqf9bp:yJHW/2oKKaMWOdi/U+69c+6xIg9kC9bp

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.10.30:30700

Signatures

Metasploit family
metasploit

Files

150896e8cd3dc9e8446aac138c57573b
.exe windows:5 windows x86 arch:x86

b5b9a3c9f35a81554e2618a8297dca2e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:ba:91:51:61:fa:21:d7:f0:cd:25:0b:33:99:2f:c8:5b:57:4d:78
Signer

Actual PE Digest

f0:ba:91:51:61:fa:21:d7:f0:cd:25:0b:33:99:2f:c8:5b:57:4d:78

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

inet_ntoa
WSAStartup
gethostbyname
gethostname

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetTickCount
CloseHandle
CreateFileW
FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExW
GetConsoleScreenBufferInfo
LockResource
SizeofResource
LoadResource
FindResourceW
DeleteFileW
GetSystemDirectoryW
GetComputerNameW
WaitForSingleObject
MultiByteToWideChar
Sleep
GetVersion
GetModuleFileNameW
SetEvent
ConnectNamedPipe
ReadFile
GetDateFormatW
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetLastError
GetLastError
GetProcAddress
GetCommandLineW
LocalAlloc
LocalFree
LoadLibraryW
SetErrorMode
GetModuleHandleW
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceExW
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetCurrentProcess
InterlockedExchange
SetConsoleCtrlHandler
FlushFileBuffers
CreateFileA
RtlUnwind
GetConsoleCP
WideCharToMultiByte
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA

user32

GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextW
LoadCursorW
SetCursor
InflateRect
SendMessageW
DialogBoxIndirectParamW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

ImpersonateLoggedOnUser
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LogonUserW
RegConnectRegistryW
RevertToSelf
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CreateServiceW
CloseServiceHandle
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

b5b9a3c9f35a81554e2618a8297dca2e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

f0:ba:91:51:61:fa:21:d7:f0:cd:25:0b:33:99:2f:c8:5b:57:4d:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

pdh

version

netapi32

ws2_32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 5KB - Virtual size: 42KB

.rsrc Size: 162KB - Virtual size: 161KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

f0:ba:91:51:61:fa:21:d7:f0:cd:25:0b:33:99:2f:c8:5b:57:4d:78
Signer

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 5KB - Virtual size: 42KB

.rsrc
Size: 162KB - Virtual size: 161KB