metasploit | 47f3680c0e0abc493fee005a37906176

Sharing

Copy URL Twitter E-mail

General

Target

47f3680c0e0abc493fee005a37906176
Size

288KB
MD5

47f3680c0e0abc493fee005a37906176
SHA1

03436e8d76f6a5a64d6d9b375b02a52d484d2f1d
SHA256

e77936cbbe87b0947c9d41e7a99c66469b7a1574eb0741e0692f4ac61ed10789
SHA512

90045c77df9d16b98b1688be064ebb9a4fd5e4673cc582029ff7c7145427e094ff5d23201055f95952088164a1a2604deefd8a15e6ab881dd923461b6f5e0bde
SSDEEP

6144:A00pB8owurjK8goHNpluJBMRuYI0y67cK:A00pHr2IHNpaBMoYhy6

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

193.36.15.10:8080

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47f3680c0e0abc493fee005a37906176

Files

47f3680c0e0abc493fee005a37906176
.exe windows:4 windows x86 arch:x86

205fcd40c9562970436b9e64ad20e789

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA

comctl32

ord14
ord15
ord17
ord13

comdlg32

GetOpenFileNameA
ChooseFontA
ChooseColorA
GetSaveFileNameA

gdi32

CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
RealizePalette
SelectPalette
CreatePalette
ExtTextOutA
GetCharacterPlacementW
ExtTextOutW
GetPixel
SetBkMode
SetTextAlign
CreateCompatibleBitmap
TranslateCharsetInfo
GetObjectA
GetTextMetricsA
CreateFontA
LineTo
MoveToEx
CreatePen
SetPixel
Polyline
GetCharWidthW
GetCharWidth32W
GetCharWidthA
GetCharWidth32A
SetPaletteEntries
UnrealizeObject

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow

shell32

ShellExecuteA

user32

DestroyCaret
HideCaret
ShowCaret
CreateCaret
IsWindow
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetDoubleClickTime
WinHelpA
MessageBoxIndirectA
UpdateWindow
EnableMenuItem
DefWindowProcA
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
GetCursorPos
TrackPopupMenu
GetKeyboardLayout
SetKeyboardState
ToAsciiEx
SetScrollInfo
GetMessageTime
PostMessageA
GetSystemMenu
CheckMenuItem
IsZoomed
FlashWindow
GetClipboardData
RegisterClipboardFormatA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCaretPos
SetTimer
GetKeyboardState
SetClassLongA
SetCursor
ShowCursor
CreatePopupMenu
InsertMenuA
DeleteMenu
AppendMenuA
IsIconic
GetSystemMetrics
GetCapture
ReleaseCapture
LoadIconA
GetDesktopWindow
MoveWindow
DefDlgProcA
LoadCursorA
CreateDialogParamA
GetMessageA
GetWindowLongA
IsDialogMessageA
DispatchMessageA
PostQuitMessage
EnableWindow
DialogBoxParamA
EndDialog
GetParent
SetActiveWindow
GetWindowPlacement
SetWindowPlacement
RegisterWindowMessageA
DrawEdge
SetCapture
MessageBoxA
SetFocus
GetDlgItem
GetDlgItemTextA
SetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetWindowLongA
MessageBeep
SendDlgItemMessageA
GetDC
ReleaseDC
SendMessageA
MapDialogRect
GetCaretBlinkTime
DestroyWindow
RegisterClassA
GetSysColor
SystemParametersInfoA
GetWindowRect
CreateWindowExA
ShowWindow
KillTimer

winmm

PlaySoundA

winspool.drv

StartDocPrinterA
WritePrinter
EndDocPrinter
ClosePrinter
EnumPrintersA
EndPagePrinter
StartPagePrinter
OpenPrinterA

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
SetEndOfFile
InterlockedExchange
RtlUnwind
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetFilePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetTimeZoneInformation
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
DeleteFileA
GetCurrentProcess
TerminateProcess
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetACP
GetLocalTime
GetEnvironmentVariableA
GetWindowsDirectoryA
SetCommBreak
CreateFileA
GetCommState
SetCommState
SetCommTimeouts
ClearCommBreak
CreatePipe
SetHandleInformation
FreeLibrary
CreateThread
WriteFile
CreateEventA
ReadFile
GetLastError
WaitForSingleObject
GetOverlappedResult
SetEvent
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Beep
LoadLibraryA
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
IsDBCSLeadByteEx
GetLocaleInfoA
GetOEMCP
GetCPInfo
lstrcpynA
GetModuleHandleA
GetProcAddress
GetVersionExA
MulDiv
GetTickCount

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

205fcd40c9562970436b9e64ad20e789

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

imm32

shell32

user32

winmm

winspool.drv

kernel32

Sections

.text Size: 200KB - Virtual size: 196KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 4KB - Virtual size: 26KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 200KB - Virtual size: 196KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 4KB - Virtual size: 26KB

.rsrc
Size: 16KB - Virtual size: 14KB