metasploit | 368082d579e5dffc43e68c456e4ce6cd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

368082d579e5dffc43e68c456e4ce6cd
Size

81KB
MD5

368082d579e5dffc43e68c456e4ce6cd
SHA1

f00a0c9dfba94d452edf37c068024e2169e166a7
SHA256

ee63dea72087e884146534b25652fd9cf8767d748a12959d2140c13dc2b83f69
SHA512

e19cf5dba47b530f792d0b6f9742e93872b6dd5e64b605d58e57eee960c3a1a082eee4361222c91a275065a4ccd2b402a0d89d0aa69e1888c0f437b69ce2dac4
SSDEEP

768:CyhpmuY0zg5DPCPro7D12PQ1SiHToBxc0dPuZv+9I3bQkr8Hy09tu5GkrhIoJwj+:djnz4CPcOM3ba26jy8WBnEmDFj

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
368082d579e5dffc43e68c456e4ce6cd

Files

368082d579e5dffc43e68c456e4ce6cd
.exe windows:4 windows x86 arch:x86

ab37df7e306b0fc37913a9cdfbc4585c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrPointerBufferSize
NdrPointerMarshall
NdrConvert
RpcRaiseException
NdrClientInitializeNew
NdrConformantStringBufferSize
NdrGetBuffer
NdrConformantStringMarshall
NdrSendReceive
NdrFreeBuffer
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqNextA
UuidToStringA
RpcBindingToStringBindingA
RpcStringFreeA
RpcBindingFree

msvcrt

_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_except_handler3
atoi
malloc
free
exit
printf
strlen
strchr
strcmp
sprintf
memcpy
memset

kernel32

GetVersionExA
GetModuleHandleA

ws2_32

send
connect
socket
htons
inet_addr
WSAStartup
recv

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE