metasploit | 3d34e9e4da0f7da25c6895428e7474fa

Sharing

Copy URL

Twitter E-mail

General

Target

3d34e9e4da0f7da25c6895428e7474fa
Size

182KB
MD5

3d34e9e4da0f7da25c6895428e7474fa
SHA1

cb6fd8b846bd1fe2d29cdfb555428ce06de1520c
SHA256

fd7988cd14a5d94bda21076752c48ecf94f0e5b16da4ec0a005524b03a5996d6
SHA512

c27d1d2cfbefb814c2900cfbd412409f5c52bc46ae6406a89e199369ff4253a9797a146e4c3eb1598510bcc7df544800e7fcb1360d3cc10be56d69cdf5dc3aec
SSDEEP

3072:v4CJYY0iHiakrQUr0F9cGgh5QBX8aAMVtgH:v7Jn9GPrG9Qh5eX8dUtgH

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d34e9e4da0f7da25c6895428e7474fa

Files

3d34e9e4da0f7da25c6895428e7474fa
.dll windows:4 windows x86 arch:x86

7faf2be65616730f91e96f2feb50fac5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FindClose
SetFileAttributesA
GetFileAttributesA
FindNextFileA
FindFirstFileA
lstrcatA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
SetUnhandledExceptionFilter
DeleteFileA
TerminateProcess
OpenProcess
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
Process32Next
DeleteCriticalSection
Process32First
CreateToolhelp32Snapshot
InitializeCriticalSection
ReadProcessMemory
GetSystemDirectoryA
CopyFileA
GetWindowsDirectoryA
GetLocalTime
CreateRemoteThread
WriteProcessMemory
GetFileSize
SetErrorMode
GetVersionExA
GlobalMemoryStatus
TransactNamedPipe
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
WaitForSingleObject
WideCharToMultiByte
HeapAlloc
GetProcessHeap
lstrcmpiA
lstrcmpA
lstrcpynA
GlobalFree
HeapFree
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GetTempFileNameA
GetTempPathA
GetEnvironmentVariableA
GetDriveTypeA
GetCurrentThread
SetFilePointer
GetSystemTime
GlobalUnlock
GlobalLock
GetFullPathNameA
SetCurrentDirectoryA
GetTimeFormatA
GetDateFormatA
SetThreadPriority
TerminateThread
ExitThread
WriteFile
GetModuleHandleA
GetModuleFileNameA
CreateProcessA
ExitProcess
CreateFileA
DisableThreadLibraryCalls
CreateMutexA
GetLastError
LoadLibraryA
GetProcAddress
GetCurrentProcess
CloseHandle
CreateThread
Sleep
GetTickCount
lstrcpyA
VirtualAllocEx
lstrlenA

user32

PeekMessageA
SendMessageA
FindWindowA
GetWindowThreadProcessId
FindWindowExA
wvsprintfA
CharUpperBuffA
CharUpperA
CharLowerA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
VkKeyScanA
keybd_event
TranslateMessage
SetFocus
SetForegroundWindow
BlockInput
GetClassNameA
GetWindowPlacement
DispatchMessageA
wsprintfA
GetWindowTextA
GetForegroundWindow
ShowWindow

advapi32

RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
CreateServiceA
RegOpenKeyExA
OpenServiceA
OpenSCManagerA
StartServiceCtrlDispatcherA
RegQueryValueExA
ImpersonateLoggedOnUser
CloseServiceHandle
EnumServicesStatusA
RegEnumKeyA
AdjustTokenPrivileges

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantCopy
VariantClear
VariantChangeType
SysAllocString
VariantInit

odbc32

ord11
ord3
ord41
ord75
ord31
ord24

ws2_32

closesocket
ntohl
ntohs
ioctlsocket
inet_addr
getsockname
WSAStartup
listen
bind
setsockopt
htons
gethostbyaddr
inet_ntoa
gethostbyname
getpeername
connect
socket
recv
send
WSACleanup
sendto
recvfrom
select
accept
__WSAFDIsSet
WSAGetLastError
htonl
WSASocketA

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

mpr

WNetAddConnection2A

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1Init@ios_base@std@@QAE@XZ

msvcrt

_vsnprintf
strcat
rand
strcpy
exit
_snprintf
sprintf
memset
_strnicmp
strncpy
strstr
free
atoi
malloc
strlen
__CxxFrameHandler
??2@YAPAXI@Z
memcpy
fclose
fread
fseek
fopen
strtoul
_adjust_fdiv
_initterm
_onexit
__dllonexit
memcmp
__mb_cur_max
_isctype
tolower
_iob
fflush
strchr
srand
_ftol
strtok
fgets
fprintf
toupper
printf
_strcmpi
_except_handler3
realloc
strcmp
sscanf
strncat
_purecall
_stricmp
_pctype

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NSA
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7faf2be65616730f91e96f2feb50fac5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

odbc32

ws2_32

wininet

psapi

mpr

netapi32

msvcp60

msvcrt

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 30KB - Virtual size: 78KB

NSA Size: 16KB - Virtual size: 16KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 30KB - Virtual size: 78KB

NSA
Size: 16KB - Virtual size: 16KB

.reloc
Size: 11KB - Virtual size: 10KB