metasploit | 863352c0fd637295300076d2166f249f878db82a194ff4d000ae51252f0c1517

Sharing

Copy URL Twitter E-mail

General

Target

863352c0fd637295300076d2166f249f878db82a194ff4d000ae51252f0c1517
Size

530KB
MD5

4bdf389f61692af26799b4809f9d5fdd
SHA1

0bb76940a7dd5078eb4b13b20aaae7e3da4b4994
SHA256

863352c0fd637295300076d2166f249f878db82a194ff4d000ae51252f0c1517
SHA512

eed0ed8586da2dba2a3179d2cb6f80db9b4f35a2fe1fe28aee36fb507b703c06b2dfd8f3d29d8d7ce58e9b9cf8d711f97d37dc8e6f000ab80f55e584c591b899
SSDEEP

6144:SoNpThzqvFsni+G9lTCgncsiqP8uZuQZtZNgxT9wcAOCOz6:LNpThzKFsni+G9FfncsfuQZy

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

192.168.159.128:37081

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
863352c0fd637295300076d2166f249f878db82a194ff4d000ae51252f0c1517

Files

863352c0fd637295300076d2166f249f878db82a194ff4d000ae51252f0c1517
.exe windows:4 windows x86 arch:x86

b226f0a31d8f6c5840e482ff903bb180

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
OpenEventW
OpenFileMappingW
UnmapViewOfFile
CreateEventW
FormatMessageW
GetTickCount64
SetEvent
LocalFree
CreateFileMappingW
MapViewOfFile
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
WinExec
GetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
GetFullPathNameW
GetTempPathA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetWindowsDirectoryA
GetComputerNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
GetCurrentProcess
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
SetEndOfFile
GetCurrentDirectoryW
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
GetFileSizeEx
SetFilePointerEx
ReadFile
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleOutputCP
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
GetCurrentProcessId
CloseHandle
OpenProcess
CreateProcessW
WriteConsoleW
DuplicateHandle
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentThreadId
CreateFileW
ReadConsoleW
GetShortPathNameW
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter

user32

MessageBoxW
IsIconic
GetParent
GetClassInfoExW
IsZoomed
GetClientRect
SetWindowLongW
GetKeyState
GetFocus
MessageBoxA
SetFocus
SetCapture
SetCursor
PostQuitMessage
ReleaseCapture
InvalidateRect
BeginPaint
EndPaint
GetMessageW
SetTimer
TranslateAcceleratorW
UpdateWindow
MsgWaitForMultipleObjects
DispatchMessageW
LoadCursorW
TranslateMessage
GetWindowLongW
DefWindowProcW
PeekMessageW
CallWindowProcW
PostMessageW
GetWindow
GetWindowRect
SetWindowPos
GetPropW
MonitorFromWindow
CreateWindowExW
ScreenToClient
SendMessageW
RegisterClassExW
IsWindow
OffsetRect
GetMonitorInfoW
RegisterClassW
SetPropW

gdi32

SelectObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoCreateGuid

dbghelp

UnDecorateSymbolName
SymFromAddr
SymInitialize
SymSetOptions
SymCleanup
MiniDumpWriteDump

shlwapi

StrCmpW
PathFileExistsW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pvwo
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b226f0a31d8f6c5840e482ff903bb180

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

dbghelp

shlwapi

imm32

Sections

.text Size: 300KB - Virtual size: 300KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 5KB - Virtual size: 73KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 18KB - Virtual size: 18KB

.pvwo Size: 1024B - Virtual size: 540B

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 300KB - Virtual size: 300KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 5KB - Virtual size: 73KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 18KB - Virtual size: 18KB

.pvwo
Size: 1024B - Virtual size: 540B

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 18KB - Virtual size: 18KB