metasploit | 38d90d4146e5ee8c1a62f0a62cd6e003

Sharing

Copy URL Twitter E-mail

General

Target

38d90d4146e5ee8c1a62f0a62cd6e003
Size

40KB
MD5

38d90d4146e5ee8c1a62f0a62cd6e003
SHA1

4fb089e57f2842d4f8f543f2a9227f75e68e9149
SHA256

8b051d6d7aac0e6b0cee59451a06e7e684e1acdf84e74e3e342194f9ab05ae36
SHA512

5719923ab4d1bf32c676dab743f89ac0e46a4c051ca289a2e51e4bc494a20501cd9624efce7419b91ea47cb9216a6652875ae85f5d536d1cdb42943bbb831c29
SSDEEP

768:vfgP5G5+MIzes4nPj7E55WfNoKTIvR3W:ngPQfYe1nXEk2o

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

144.85.149.179:8080

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38d90d4146e5ee8c1a62f0a62cd6e003

Files

38d90d4146e5ee8c1a62f0a62cd6e003
.exe windows:4 windows x86 arch:x86

5b6633c83f76bb953597d4811f625220

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

dtr

?nReviseTime@@3IA
?hModifyTimeMutex@@3PAXA
?ghMainWnd@@3PAUHWND__@@A
?giSliderPos@@3HA
?STTrampoline@@3P6GIPAUHWND__@@IIP6GX0IIK@Z@ZA
?nScaleMultiple@@3IA
?nBaseQPC@@3T_LARGE_INTEGER@@A
?nReviseQPC@@3T_LARGE_INTEGER@@A
?nBaseGTC@@3IA
?QPCTrampoline@@3P6GHPAT_LARGE_INTEGER@@@ZA
?GTCTrampoline@@3P6GKXZA

hook

?SetHook@@YAHPAUHWND__@@@Z
?gnHotKey4@@3KA
?gnHotKey3@@3KA
?gnHotKey2@@3KA
?gnHotKey1@@3KA

mfc42

ord3831
ord3825
ord3079
ord4080
ord3830
ord2976
ord4627
ord3582
ord567
ord825
ord616
ord4275
ord4673
ord4424
ord6375
ord4274
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4486
ord5307
ord5289
ord5714
ord4622
ord4698
ord561
ord815
ord641
ord683
ord656
ord790
ord692
ord2514
ord2985
ord3081
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord324
ord4234
ord3716
ord3610
ord3262
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3402
ord3639
ord1146
ord1168
ord2302
ord6111
ord6199
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord4224
ord3873
ord4694
ord2864
ord6453
ord3631
ord2301
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4398
ord1776
ord4078
ord6055
ord2578
ord4218
ord2023
ord2411
ord2621
ord1134
ord3738
ord1771
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
memset
memcpy
printf
strlen
floor
_CIpow
_ftol
_splitpath
_controlfp
sprintf
sscanf
__CxxFrameHandler
_makepath
_setmbcp

kernel32

lstrcpyA
GetPrivateProfileIntA
GetCurrentProcess
SetPriorityClass
CreateMutexA
GetLastError
GetModuleFileNameA
CloseHandle
OpenProcess
CreateProcessA
GetModuleHandleA
SetCurrentDirectoryA
SetThreadPriority
ReleaseMutex
WaitForSingleObject
QueryPerformanceCounter
GetThreadPriority
GetCurrentThread
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WritePrivateProfileStringA
CreateRemoteThread
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
GetProcAddress
ResumeThread
SetThreadContext
FlushInstructionCache
GetThreadContext
SuspendThread
GetStartupInfoA
GetPrivateProfileStringA

user32

SetForegroundWindow
LoadIconA
wsprintfA
EnableWindow
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetWindowThreadProcessId
IsWindowVisible
GetWindow
KillTimer

comdlg32

GetOpenFileNameA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

5b6633c83f76bb953597d4811f625220

Headers

File Characteristics

Imports

winmm

dtr

hook

mfc42

msvcrt

kernel32

user32

comdlg32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 728B

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 728B

.rsrc
Size: 8KB - Virtual size: 4KB