metasploit | 08452d3d1decdcb90b1ff1191ac91917

Sharing

Copy URL Twitter E-mail

General

Target

08452d3d1decdcb90b1ff1191ac91917
Size

93KB
MD5

08452d3d1decdcb90b1ff1191ac91917
SHA1

40b477b947d2bfd7b7d1a727c5b0d0851c4036c8
SHA256

fe0aa0ba7eb9fcbd0eedb154a73732a4e914dd64bc6d3a3d0fbad069f349a7f0
SHA512

95109b3ff7b13fabafe4177ebdd7c7311b615e22b86d9c1b1f92fb83d47d7fd1d9c76a228e7a4817e4a3d3c54180bec7b43a66c12ce0cc7da9ea9a3eb12d677e
SSDEEP

1536:xfIuZe3y17vBuq6et/nbfutnrivkqpiUjPgAWwC+dBYSjNhtbKR/dON:hbZQ87lbm9rOLDIf+XYs/lK

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08452d3d1decdcb90b1ff1191ac91917

Files

08452d3d1decdcb90b1ff1191ac91917
.exe .vbs windows:4 windows x86 arch:x86 polyglot

998a2a1fa43bfab1afc007089b57cf9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceCtrlDispatcherA
DeleteService
OpenServiceA
OpenSCManagerA
CloseServiceHandle
EnumServicesStatusA
SetServiceStatus
RegisterServiceCtrlHandlerA
ImpersonateLoggedOnUser
OpenProcessToken
CreateServiceA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
QueryServiceLockStatusA
LockServiceDatabase

crypt32

CryptUnprotectData

kernel32

GetLocalTime
CreateThread
GetTickCount
Sleep
CreateMutexA
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
GetProcAddress
LoadLibraryA
TerminateThread
lstrcmp
CloseHandle
ReadFile
lstrlen
GetFileSize
CreateFileA
lstrcpy
DeleteFileA
WriteFile
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoA
GetVersionExA
CreateProcessA
WinExec
GetEnvironmentVariableA
lstrcat
MoveFileExA
GetShortPathNameA
lstrcpyn
GetLastError
WaitForSingleObject
lstrcmpi
OpenProcess
ExitThread
LocalFree
LocalAlloc

msvcrt

_onexit
__dllonexit
_snprintf
_vsnprintf
fopen
_stat
fseek
ftell
fread
fclose
sscanf
strtoul
strtok
strstr
strncpy
atoi
exit
srand
rand
sprintf

odbc32

SQLDriverConnect
SQLExecDirect
SQLFreeHandle
SQLAllocHandle
SQLSetEnvAttr

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

shell32

ShellExecuteA

user32

wsprintfA
SetForegroundWindow
CharLowerA
EnumWindows
GetWindowTextA
GetClassNameA
VkKeyScanA
keybd_event
FindWindowA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
BringWindowToTop
ShowWindow
SetFocus

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

ws2_32

getsockname
gethostbyname
WSACleanup
getpeername
setsockopt
ioctlsocket
WSAStartup
closesocket
recv
inet_addr
bind
listen
select
__WSAFDIsSet
accept
send
htons
socket
connect

Sections

.data
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

998a2a1fa43bfab1afc007089b57cf9f

Headers

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

odbc32

psapi

shell32

user32

wininet

ws2_32

Sections

.data Size: 42KB - Virtual size: 44KB

Size: 44KB - Virtual size: 44KB

Size: 2KB - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.data
Size: 42KB - Virtual size: 44KB

.idata
Size: 3KB - Virtual size: 4KB