metasploit | 3d23cd5c9c2dac011b71de3ad74097ed

Sharing

Copy URL Twitter E-mail

General

Target

3d23cd5c9c2dac011b71de3ad74097ed
Size

592KB
MD5

3d23cd5c9c2dac011b71de3ad74097ed
SHA1

b516b7f52a6318f35e19f7908bc6143a38ac0c59
SHA256

910e2773fe42a7c92c4f0e497034462a5f64fd538cc9d33a1814dba8bf345baa
SHA512

b1a3b98c5739cc0d4cc2af540f255a093c08c32e3e74ab30d4efe063e761959166531a84cb69d9f31d77d179cfdaadc1ad124c87d640d8c8c225db6bd80816d7
SSDEEP

12288:7SBzgbO4AnFGK+QT+ktCbHW4dfyOnc/9y1d4audP2loWX:1O4I+QT+kobHW41fnG9Md4T12Ow

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d23cd5c9c2dac011b71de3ad74097ed

Files

3d23cd5c9c2dac011b71de3ad74097ed
.exe windows:5 windows x86 arch:x86

092ca20b4e2feda3e25dbe39504603ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

CloseHandle
CreateFileA
GetTickCount
WriteFile
CreateProcessA
GetTempPathA
CreateThread
ExitProcess
SetPriorityClass
GetLocaleInfoA
MoveFileExA
GetCurrentProcess
GetCurrentThread
SetProcessPriorityBoost
GetDriveTypeA
GetFileAttributesA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExA
OpenMutexA
CreateMutexA
ReleaseMutex
GetLastError
GetCurrentProcessId
DeleteFileA
lstrlenA
FreeLibrary
CreateRemoteThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
TerminateProcess
lstrcmpiA
WinExec
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
SetEvent
CreateEventA
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ExitThread
EnterCriticalSection
OpenEventA
WaitForMultipleObjects
DeleteCriticalSection
WideCharToMultiByte
LocalFree
FlushFileBuffers
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetModuleFileNameA
Process32Next
SetFileAttributesA
CopyFileA
CreateDirectoryA
Sleep
GetWindowsDirectoryA
Process32First
GetComputerNameA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
WaitForSingleObject
VirtualQuery
HeapFree
UnhandledExceptionFilter
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
HeapAlloc
HeapCreate
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
InitializeCriticalSection

user32

FindWindowA
IsWindow
GetWindowThreadProcessId
SwitchToThisWindow
IsCharAlphaNumericA
IsCharAlphaA
RegisterDeviceNotificationA
UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PostQuitMessage
RegisterClassExA
GetMessageA
DestroyWindow
BlockInput
GetWindowTextA
GetForegroundWindow
SendMessageA
FindWindowExA
keybd_event
RealGetWindowClassA
SetFocus
SetForegroundWindow
VkKeyScanW
SendInput
MapVirtualKeyA
VkKeyScanA
GetMenuItemID
PostMessageA
IsWindowVisible

advapi32

LookupPrivilegeValueA
IsTextUnicode
RegCloseKey
RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
RegQueryValueExA
OpenProcessToken
FreeSid
AllocateAndInitializeSid
GetUserNameA
RegOpenKeyExA

shell32

ShellExecuteA
SHChangeNotify
ShellExecuteExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit

ws2_32

recv
select
send
gethostbyname
closesocket
socket
WSACleanup
WSAGetLastError
inet_addr
WSAStartup
connect
htonl
ntohl
inet_ntoa
gethostname
ioctlsocket
htons

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

shlwapi

SHDeleteKeyA

mpr

WNetCancelConnectionA
WNetUseConnectionA
WNetCancelConnection2A
WNetGetLastErrorA

rpcrt4

RpcBindingFromStringBindingA
RpcStringFreeA
RpcMgmtIsServerListening
RpcMgmtSetComTimeout
NdrClientCall2
RpcMgmtInqStats
RpcBindingFree
RpcStringBindingComposeA
RpcMgmtStatsVectorFree

comctl32

ord17

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

13mhldpg
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

l32nct66
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4ye6g2n5
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.arsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

092ca20b4e2feda3e25dbe39504603ca

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

ntdll

shlwapi

mpr

rpcrt4

comctl32

Sections

.text Size: 364KB - Virtual size: 364KB

.rsrc Size: 12KB - Virtual size: 12KB

13mhldpg Size: 52KB - Virtual size: 52KB

l32nct66 Size: 72KB - Virtual size: 72KB

4ye6g2n5 Size: 4KB - Virtual size: 4KB

.arsrc Size: 76KB - Virtual size: 76KB

.text
Size: 364KB - Virtual size: 364KB

.rsrc
Size: 12KB - Virtual size: 12KB

13mhldpg
Size: 52KB - Virtual size: 52KB

l32nct66
Size: 72KB - Virtual size: 72KB

4ye6g2n5
Size: 4KB - Virtual size: 4KB

.arsrc
Size: 76KB - Virtual size: 76KB