metasploit | 33f3da356be5a54dbd1c837b20fb8d93

Sharing

Copy URL Twitter E-mail

General

Target

33f3da356be5a54dbd1c837b20fb8d93
Size

27KB
MD5

33f3da356be5a54dbd1c837b20fb8d93
SHA1

67e291a4103c14de33810e739a4b0b34c5ba5447
SHA256

ab1215d458da8fee0275e035c8105365e0959b2bfbfb6e2ecf1e953dd5a3adf4
SHA512

83cd3330baffcc1d3e98afef95a315f0d8f3df90f4db09bb0daab995b60432e93c24e356f1603f4e83b89b044085a547d40588c30a4ca4174f293093a58c3f0e
SSDEEP

384:QzrbOYKWCJxhd2WS/YWyiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiiiriid:ICbPQ7

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.118.128:3333

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33f3da356be5a54dbd1c837b20fb8d93

Files

33f3da356be5a54dbd1c837b20fb8d93
.exe windows:10 windows x64 arch:x64

8eeaa9499666119d13b3f44ecd77a729

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

ShellExecuteW

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
GetCurrentProcessId
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
RtlLookupFunctionEntry

msvcrt

__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_cexit
__wgetmainargs
_amsg_exit
_XcptFilter
exit
__set_app_type
_exit

advapi32

EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

8eeaa9499666119d13b3f44ecd77a729

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

msvcrt

advapi32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 240B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 44B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 240B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 44B