Behavioral task: behavioral1
Sample: 1fd80e49a807cd07996ef9bc3cb663e7.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 1fd80e49a807cd07996ef9bc3cb663e7.exe
Resource: win10v2004-20231215-en
General
Target: 1fd80e49a807cd07996ef9bc3cb663e7
Size: 44KB
MD5: 1fd80e49a807cd07996ef9bc3cb663e7
SHA1: 6c611826e9d8487543449fab43a86d4eba824e97
SHA256: a351cdf51024a4f70d03459266feae9e564cfff9662be3740b0a5464543bb89d
SHA512: d3e306b1f983e60752371baa0441f880dd4cae71ce2f5918d74cb0d0982a276ab74f895694c75a0d59b229b67480736b25d9c7593a9ec68f16b61a6bd72fdeba
SSDEEP: 768:pJdvqWSrrYFbKu59p4yL3NcdIhKqeIzpKxR6thHR:p7Cr8FJtNfYhIzpGK
Malware Config
Extracted
Family: metasploit
encoder/fnstenv_mov
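The config extractor names the Metasploit fnstenv_mov encoder, which the report does not decode further. Such encoders rely on the FPU: fnstenv writes the 28-byte FPU environment, whose instruction-pointer field sits at offset 12, so fnstenv [esp-0xc] leaves the address of the last FPU instruction at [esp], a pop recovers it (a GetPC trick), and a dword XOR loop then decodes the payload in place. The Python below is an added example, not code from the report or from Metasploit: it models the generic stub shape (fld constant; fnstenv [esp-0xc]; pop reg; xor dword [reg+disp8], key; sub reg,-4; loop), locates it in a buffer, and XOR-decodes what follows. The stub bytes and encoded blob are constructed for the demonstration; real Metasploit output varies (a loop counter is normally loaded into ecx, and field offsets differ by version), so the offsets of an actual sample must be confirmed in a disassembler.

```python
"""Locate an fnstenv-based GetPC XOR decoder stub and recover its payload.

Added example; not the sandbox report's or Metasploit's code.  Modelled stub:
    fld <const>            d9 e8..ee     last FPU instruction, its address is saved
    fnstenv [esp-0xc]      d9 74 24 f4   FPU env: instruction pointer lands at [esp]
    pop reg                58+r          reg = address of the fld
    xor dword [reg+d8], K  81 70|r d8 K  decode one dword in place
    sub reg, -4            83 e8|r fc
    loop xor               e2 rel8
"""
import struct
from dataclasses import dataclass
from typing import Optional

FNSTENV_ESP_MINUS_12 = b"\xd9\x74\x24\xf4"
FLD_CONST_OPS = {0xE8: "fld1", 0xE9: "fldl2t", 0xEA: "fldl2e", 0xEB: "fldpi",
                 0xEC: "fldlg2", 0xED: "fldln2", 0xEE: "fldz"}
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


@dataclass
class FnstenvStub:
    getpc_off: int      # offset of the fld whose address the stub recovers
    getpc_insn: str
    reg: str            # register that receives that address
    disp: int           # displacement used by the xor
    key: int            # 32-bit XOR key
    payload_off: int    # getpc_off + disp: first dword the loop decodes


def parse_stub_at(buf: bytes, fnstenv_off: int) -> Optional[FnstenvStub]:
    i = fnstenv_off
    if i < 2 or buf[i - 2] != 0xD9 or buf[i - 1] not in FLD_CONST_OPS:
        return None
    p = i + len(FNSTENV_ESP_MINUS_12)
    if p >= len(buf) or not 0x58 <= buf[p] <= 0x5F:
        return None                      # expected pop r32
    reg = buf[p] - 0x58
    if reg == 4:                         # [esp+disp8] needs a SIB byte; not modelled
        return None
    p += 1
    # xor dword [reg+disp8], imm32: opcode 81 /6, ModRM mod=01 reg=110 rm=reg
    if p + 7 > len(buf) or buf[p] != 0x81 or buf[p + 1] != (0x70 | reg):
        return None
    (disp,) = struct.unpack_from("<b", buf, p + 2)
    (key,) = struct.unpack_from("<I", buf, p + 3)
    getpc = i - 2
    return FnstenvStub(getpc, FLD_CONST_OPS[buf[i - 1]], REG32[reg], disp, key, getpc + disp)


def find_fnstenv_stub(buf: bytes) -> Optional[FnstenvStub]:
    i = buf.find(FNSTENV_ESP_MINUS_12)
    while i != -1:
        stub = parse_stub_at(buf, i)
        if stub is not None:
            return stub
        i = buf.find(FNSTENV_ESP_MINUS_12, i + 1)
    return None


def xor_dwords(buf: bytes, start: int, key: int, count: Optional[int] = None) -> bytes:
    """XOR whole dwords from start (a trailing partial dword is ignored).
    XOR is its own inverse, so the same routine encodes and decodes."""
    end = len(buf) if count is None else min(len(buf), start + 4 * count)
    out = bytearray()
    for off in range(start, end - 3, 4):
        (v,) = struct.unpack_from("<I", buf, off)
        out += struct.pack("<I", v ^ key)
    return bytes(out)


def build_demo_blob(payload: bytes, key: int) -> bytes:
    """Constructed test input: the modelled stub followed by the XOR-encoded payload."""
    assert len(payload) % 4 == 0
    stub = (b"\xd9\xee"                                  # fldz
            + FNSTENV_ESP_MINUS_12                       # fnstenv [esp-0xc]
            + b"\x5b"                                    # pop ebx
            + b"\x81\x73\x13" + struct.pack("<I", key)   # xor dword [ebx+0x13], key
            + b"\x83\xeb\xfc"                            # sub ebx, -4
            + b"\xe2\xf4")                               # loop back 12 bytes to the xor
    assert len(stub) == 0x13                             # payload starts right after it
    return stub + xor_dwords(payload, 0, key)


def recover_payload(blob: bytes) -> Optional[bytes]:
    stub = find_fnstenv_stub(blob)
    if stub is None:
        return None
    return xor_dwords(blob, stub.payload_off, stub.key)


if __name__ == "__main__":
    blob = build_demo_blob(b"\xcc\xcc\xcc\xcc" + b"PAYLOAD!", 0x41424344)
    print(find_fnstenv_stub(blob))
    print(recover_payload(blob))
```

The scanner keys on the fnstenv [esp-0xc] encoding rather than the key or payload, which is why it survives re-encoding with a different key; the decoded bytes are only as trustworthy as the displacement it parsed, so check them against the disassembly before treating them as the real second stage.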
Signatures
Metasploit family
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 1fd80e49a807cd07996ef9bc3cb663e7
Files
1fd80e49a807cd07996ef9bc3cb663e7.exe windows:4 windows x86 arch:x86
Imphash: 0b5ecb9f4bad4ac745022eb6db19d6d4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetFileSize
CreateFileA
FreeLibrary
LoadLibraryA
HeapFree
WriteFile
SetFilePointer
lstrcpyA
lstrcmpA
lstrcpynA
ReadFile
HeapAlloc
GetProcessHeap
lstrcatA
GetSystemDirectoryA
DeleteFileA
Sleep
GetLastError
GetModuleFileNameA
CreateEventA
MultiByteToWideChar
lstrcpyW
WideCharToMultiByte
lstrlenW
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TransactNamedPipe
lstrcmpiA
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetCommandLineA
GetStartupInfoA
ExitProcess
GetStdHandle
GetModuleHandleA
GetProcAddress
WaitForSingleObject
CreateThread
OutputDebugStringA
mpr
WNetAddConnection2A
WNetCancelConnection2A
netapi32
NetServerGetInfo
NetShareEnum
NetApiBufferFree
ws2_32
WSAGetLastError
closesocket
select
__WSAFDIsSet
socket
bind
accept
gethostbyname
inet_ntoa
recv
send
htons
listen
WSACleanup
inet_addr
WSAStartup
gethostname
iphlpapi
SendARP
rpcrt4
UuidFromStringA
UuidToStringA
user32
wsprintfA
IsCharAlphaNumericA
wvsprintfA
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
shell32
ShellExecuteA
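The import table is the only static capability evidence in this excerpt. Grouping the listed APIs by what they enable is a quick triage step: a bound and listening socket, host-name lookups, SendARP, NetShareEnum plus WNetAddConnection2A, drive and directory enumeration, a registry value write, ShellExecuteA, a named-pipe transaction and LoadLibraryA/GetProcAddress for late-bound imports. The Python below is an added example, not part of the report: the import list is copied from the Imports section above, and the capability rules and tag names are this example's own. Import-based tags say what the binary could do, not what it did; read them against the behavioural trace before drawing conclusions.

```python
"""Capability tags derived from a PE import table.

Added example; the rules and tag names are the example's own.  SAMPLE_IMPORTS
is transcribed from the report's Imports section (constructed input for the
demo, not parsed from the binary here)."""

SAMPLE_IMPORTS = {
    "kernel32": [
        "CloseHandle", "GetFileSize", "CreateFileA", "FreeLibrary", "LoadLibraryA", "HeapFree", "WriteFile",
        "SetFilePointer", "lstrcpyA", "lstrcmpA", "lstrcpynA", "ReadFile", "HeapAlloc", "GetProcessHeap",
        "lstrcatA", "GetSystemDirectoryA", "DeleteFileA", "Sleep", "GetLastError", "GetModuleFileNameA",
        "CreateEventA", "MultiByteToWideChar", "lstrcpyW", "WideCharToMultiByte", "lstrlenW", "lstrlenA",
        "LeaveCriticalSection", "EnterCriticalSection", "DeleteCriticalSection", "InitializeCriticalSection",
        "TransactNamedPipe", "lstrcmpiA", "FindClose", "FindNextFileA", "FindFirstFileA", "GetDriveTypeA",
        "GetLogicalDriveStringsA", "GetCommandLineA", "GetStartupInfoA", "ExitProcess", "GetStdHandle",
        "GetModuleHandleA", "GetProcAddress", "WaitForSingleObject", "CreateThread", "OutputDebugStringA",
    ],
    "mpr": ["WNetAddConnection2A", "WNetCancelConnection2A"],
    "netapi32": ["NetServerGetInfo", "NetShareEnum", "NetApiBufferFree"],
    "ws2_32": ["WSAGetLastError", "closesocket", "select", "__WSAFDIsSet", "socket", "bind", "accept",
               "gethostbyname", "inet_ntoa", "recv", "send", "htons", "listen", "WSACleanup",
               "inet_addr", "WSAStartup", "gethostname"],
    "iphlpapi": ["SendARP"],
    "rpcrt4": ["UuidFromStringA", "UuidToStringA"],
    "user32": ["wsprintfA", "IsCharAlphaNumericA", "wvsprintfA"],
    "advapi32": ["RegCloseKey", "RegOpenKeyExA", "RegQueryValueExA", "RegSetValueExA"],
    "shell32": ["ShellExecuteA"],
}

# tag -> (all of these must be imported, at least one of these must be imported)
RULES = {
    "network/tcp-listener":  ({"socket", "bind", "listen", "accept"}, set()),
    "network/tcp-client":    ({"socket", "connect"}, set()),
    "network/name-lookup":   (set(), {"gethostbyname", "gethostname"}),
    "lan/arp-probe":         ({"SendARP"}, set()),
    "lan/smb-share-enum":    ({"NetShareEnum"}, {"NetServerGetInfo", "WNetAddConnection2"}),
    "lan/drive-enum":        ({"GetLogicalDriveStrings", "GetDriveType"}, set()),
    "filesystem/enumerate":  ({"FindFirstFile", "FindNextFile"}, set()),
    "filesystem/modify":     ({"CreateFile", "WriteFile"}, {"DeleteFile", "MoveFile"}),
    "registry/write":        ({"RegSetValueEx"}, set()),
    "process/launch":        (set(), {"ShellExecute", "CreateProcess", "WinExec"}),
    "ipc/named-pipe":        (set(), {"TransactNamedPipe", "CreateNamedPipe", "CallNamedPipe"}),
    "loader/dynamic-import": ({"LoadLibrary", "GetProcAddress"}, set()),
}


def canonical(name: str) -> str:
    """Fold the ANSI/Unicode suffix: RegSetValueExA -> RegSetValueEx,
    WNetAddConnection2A -> WNetAddConnection2; SendARP is left alone."""
    if len(name) > 2 and name[-1] in "AW" and (name[-2].islower() or name[-2].isdigit()):
        return name[:-1]
    return name


def capabilities(imports: dict) -> dict:
    """Return {tag: sorted raw import names that matched} for every rule that fires."""
    by_canon = {}
    for names in imports.values():
        for n in names:
            by_canon.setdefault(canonical(n), n)
    present = set(by_canon)
    hits = {}
    for tag, (all_of, any_of) in RULES.items():
        if all_of <= present and (not any_of or any_of & present):
            hits[tag] = sorted(by_canon[c] for c in (all_of | any_of) & present)
    return hits


if __name__ == "__main__":
    for tag, names in capabilities(SAMPLE_IMPORTS).items():
        print(f"{tag:24s} {', '.join(names)}")
```

Two rule shapes are deliberate: a listener needs the whole socket/bind/listen/accept set before it is worth a tag, whereas one of ShellExecute, CreateProcess or WinExec is enough for process launch. A binary that resolves everything through GetProcAddress will show almost nothing here, which is exactly what the loader/dynamic-import tag is meant to flag.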
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
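Three of the report's static findings come straight out of the PE headers: the File Characteristics flags, the Unsigned PE signature (an Authenticode signature lives in the security data directory, entry 4 of the optional header, so an empty entry is what "missing Authenticode signature" means at header level) and the section table, where .data's 59KB virtual size against 16KB on disk means the loader zero-fills the remaining 43KB at load time. The Python below is an added example, not the sandbox's code: it parses those structures from the PE/COFF layout and, because the sample's bytes are not on this page, includes a constructed header-only PE32 builder that mirrors the report's characteristics for offline testing. Two caveats: a non-empty security entry only says a signature blob is embedded, not that its certificate chain verifies, and a catalog-signed Windows binary is signed yet has an empty entry, so this check is a triage hint rather than a trust decision.

```python
"""Static PE header triage: file characteristics, Authenticode directory,
section flags and raw-vs-virtual size.  Added example (not the sandbox's own
code); offsets follow the PE/COFF specification.  build_minimal_pe fabricates
a header-only PE32 for testing and is not a loadable image."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode blob; its address is a file offset, not an RVA


def flag_names(value: int, table: dict) -> list:
    """Expand a bit field into names; bits the table does not know stay as hex."""
    names = [n for bit, n in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(hex(rest))
    return names


def parse_pe(buf: bytes) -> dict:
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", buf, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", buf, opt)
    if magic == 0x10B:                                  # PE32
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:                                # PE32+
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (n_rva,) = struct.unpack_from("<I", buf, opt + nrva_off)
    sec_off = sec_size = 0
    if n_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:          # directory may be truncated
        sec_off, sec_size = struct.unpack_from(
            "<II", buf, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size                              # section headers, 40 bytes each
    for i in range(nsec):
        name, vsize, _va, rawsize, _rawptr = struct.unpack_from("<8sIIII", buf, table + 40 * i)
        (scn_chars,) = struct.unpack_from("<I", buf, table + 40 * i + 36)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            # bytes past the raw data are zero-filled by the loader (bss-like)
            "zero_filled_at_load": max(vsize - rawsize, 0),
            "flags": flag_names(scn_chars, SECTION_CHARACTERISTICS),
        })
    return {
        "machine": machine,
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "authenticode_present": sec_size != 0,
        "security_dir": (sec_off, sec_size),
        "sections": sections,
    }


def build_minimal_pe(*, signed: bool, sections=()) -> bytes:
    """Constructed header-only PE32 (machine i386, characteristics 0x10F as in the
    report); sections is a list of (name, virtual_size, raw_size, flags)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 96 + 16 * 8                                       # PE32 + 16 directories
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x010F)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if signed:                                                   # pretend a WIN_CERTIFICATE sits at 0x1000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x580)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, flags)
        for name, vsize, rawsize, flags in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + hdrs


if __name__ == "__main__":
    demo = build_minimal_pe(signed=False, sections=[(b".data", 59 * 1024, 16 * 1024, 0xC0000040)])
    print(parse_pe(demo))
```

On a real file, run parse_pe over the whole image and treat authenticode_present as the header-level equivalent of the report's Unsigned PE check; a non-empty entry still has to be verified with a signature tool before it counts for anything.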