metasploit | 27d79777d5d8fc81f2524933fe450ee4

General

Target

27d79777d5d8fc81f2524933fe450ee4
Size

64KB
MD5

27d79777d5d8fc81f2524933fe450ee4
SHA1

1867adbcf9be62a78e97bd55a4cef4501bd4aa38
SHA256

4029ae7d001e0bb3481c129fd4fb6b3c10489ad69f38695275c897ea23036d86
SHA512

1bc8dce9ed1cb3bada137b6f8aee3c01e1ef2523d1914f54d65155a391f6faaa28e7d60e68f6024d7ad15333beb3da7a8d3b2bbcca41c0bd527d8bf63f3a93e7
SSDEEP

1536:9Qkkn8E/lxU+jy5sti8aMH2K+LJ9i+odK6D:yndsutiZAK6D

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27d79777d5d8fc81f2524933fe450ee4

Files

27d79777d5d8fc81f2524933fe450ee4
.exe .vbs windows:4 windows x86 arch:x86 polyglot

fb2d03e60367bb0c960226252f4b0d0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
SetEndOfFile
GetTimeZoneInformation
HeapSize
GetLocaleInfoA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
SetFilePointer
ExitProcess
HeapAlloc
HeapReAlloc
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
FlushFileBuffers
InitializeCriticalSection
ReadFile
CreateFileA
GetACP
GetOEMCP
GetCPInfo
SetEnvironmentVariableA

ws2_32

WSAStartup
ntohl
htonl
inet_ntoa
WSACleanup
WSAGetLastError
send
ioctlsocket
inet_addr
htons
connect
__WSAFDIsSet
shutdown
closesocket
select
recv
socket

mpr

WNetAddConnection2A
WNetCancelConnection2A

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

fb2d03e60367bb0c960226252f4b0d0f

Headers

File Characteristics

Imports

kernel32

ws2_32

mpr

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 9KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 9KB