Behavioral task: behavioral1
Sample: 42a1c6ff815290f94cded10b6958b675.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 42a1c6ff815290f94cded10b6958b675.exe
Resource: win10v2004-20231215-en
General
Target: 42a1c6ff815290f94cded10b6958b675
Size: 4.0MB
MD5: 42a1c6ff815290f94cded10b6958b675
SHA1: 2bdcb23b7ba5a07f176144dcf450fea81f111efe
SHA256: 3449c720dab00c58e279f2f1f326047aaed58c6a54b251cc262ef78f74847034
SHA512: f67ecc1643a3952c5d8b6eafd6512ba5d8f3afa3f6588636239063c9e5f4b94718b85975ddb9f087eabb297c230cad06330f1b027b71a741b4767fe2175c9cb3
SSDEEP: 98304:4yVyFfx/rGI11qccaPKj8jg0+WCN7jq5pR+BL+:4yVyFfxTGI11qc/+Wu7+x
Malware Config
Extracted
Family: metasploit
Payload: windows/download_exec
URL: http://192.168.174.132:808626fe7dcd8d412a80d0b3f0e36afd4a.jpg
Headers: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0)
Signatures
Metasploit family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 42a1c6ff815290f94cded10b6958b675
Files
42a1c6ff815290f94cded10b6958b675.exe windows:5 windows x86 arch:x86
f2324adf6e49e064164699422dab1911
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
shlwapi
SHDeleteKeyW
PathIsDirectoryW
PathFindExtensionW
PathMatchSpecW
PathIsContentTypeW
StrCmpIW
PathCompactPathW
StrFormatByteSizeW
ord12
PathFileExistsW
StrTrimW
StrChrW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW
SHAutoComplete
imm32
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
kernel32
LocalAlloc
VirtualProtect
GetCurrentThread
CompareStringA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
GlobalFlags
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetErrorMode
FindResourceExW
GetCurrentDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetConsoleOutputCP
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapQueryInformation
GetUserDefaultLCID
FreeLibraryAndExitThread
ExitThread
VirtualQuery
SetStdHandle
ReadConsoleW
GetConsoleMode
GetModuleHandleExW
ExitProcess
InterlockedPushEntrySList
RtlUnwind
WaitForMultipleObjects
CreatePipe
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLongPathNameW
QueryPerformanceFrequency
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateSemaphoreW
MoveFileExW
RemoveDirectoryW
GetCPInfo
LCMapStringEx
InitializeCriticalSectionEx
OutputDebugStringW
GetDiskFreeSpaceW
ReplaceFileW
GetStringTypeExW
DuplicateHandle
UnlockFile
SetFilePointer
GetCommandLineA
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
GlobalSize
GlobalUnlock
GlobalLock
GetTickCount
GlobalAlloc
GlobalFree
MulDiv
GetACP
GetStringTypeW
GetLastError
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
FreeLibrary
FindClose
FindFirstFileW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
SearchPathW
DeleteFileW
lstrlenW
GetPrivateProfileStringW
GetThreadLocale
MultiByteToWideChar
SetLastError
GetSystemDefaultLangID
GetCommandLineW
GlobalMemoryStatusEx
GetSystemInfo
GetOEMCP
GetLocaleInfoW
CreateFileW
GetShortPathNameW
SetFileTime
WriteFile
GetTempPathW
CloseHandle
ReleaseSemaphore
Sleep
GlobalReAlloc
GetFileAttributesW
VerSetConditionMask
FindFirstFileExW
FindNextFileW
VerifyVersionInfoW
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryA
GetTempFileNameW
CreateProcessW
GetWindowsDirectoryW
CopyFileW
lstrcpyW
GetFileSize
ReadFile
SetThreadLocale
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
LocalFree
FormatMessageW
VirtualAlloc
lstrcpynW
WideCharToMultiByte
GetStdHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentThreadId
OpenProcess
FreeConsole
AttachConsole
WriteConsoleW
TerminateThread
SuspendThread
ResumeThread
GetUserDefaultLangID
ExpandEnvironmentStringsW
CreateDirectoryW
GetFullPathNameW
GetCurrentProcess
IsWow64Process
GetSystemWow64DirectoryW
CreateThread
GetPrivateProfileIntW
WritePrivateProfileStringW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetDriveTypeW
GetExitCodeThread
lstrcmpiW
MoveFileW
IsValidCodePage
GetCompressedFileSizeW
ExpandEnvironmentStringsA
LoadLibraryExA
OutputDebugStringA
GetModuleHandleA
lstrcmpA
EncodePointer
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
SetEvent
CreateEventW
SetThreadPriority
GetCurrentProcessId
GetProfileIntW
GlobalGetAtomNameW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SystemTimeToFileTime
GetVersionExW
FlushFileBuffers
GetVolumeInformationW
LockFile
user32
MonitorFromPoint
GetScrollPos
IsRectEmpty
ClientToScreen
GetDCEx
EndDeferWindowPos
BeginDeferWindowPos
DestroyMenu
IsDialogMessageW
GetNextDlgTabItem
ChildWindowFromPointEx
PostThreadMessageW
GetMessageW
MapDialogRect
GetIconInfo
IsChild
GetLastActivePopup
GetWindowThreadProcessId
FindWindowW
SetForegroundWindow
ShowWindow
GetUserObjectInformationW
GetThreadDesktop
DrawIconEx
GetTopWindow
GetClassLongW
EqualRect
GetSysColorBrush
DragDetect
GetSystemMenu
TrackMouseEvent
DrawMenuBar
GetActiveWindow
FlashWindowEx
IsMenu
GetClassInfoW
RegisterClassW
ReplyMessage
InflateRect
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetCapture
GetFocus
DispatchMessageW
TranslateMessage
GetWindow
GetWindowTextW
SetWindowTextW
GetMenuStringW
EnableMenuItem
TrackPopupMenu
CheckMenuItem
LoadMenuW
PeekMessageW
wsprintfA
SetParent
PtInRect
IsWindowVisible
SetWindowLongW
MapWindowPoints
RemovePropW
GetPropW
SetPropW
GetDlgCtrlID
IsZoomed
IsIconic
SetWindowPos
ShowScrollBar
AdjustWindowRectEx
CallWindowProcW
DrawFrameControl
GetParent
LoadIconW
SetWindowsHookExW
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
PostMessageW
UnregisterClassW
LoadBitmapW
SetRect
SetScrollRange
GetMenuItemInfoW
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
CreatePopupMenu
CreateMenu
GetMenuState
GetMonitorInfoW
GetClassNameW
RegisterHotKey
UnregisterHotKey
CreateWindowExW
DestroyWindow
SetFocus
IsWindowEnabled
GetWindowTextLengthW
ChildWindowFromPoint
GetComboBoxInfo
SendDlgItemMessageA
SetRectEmpty
UnhookWindowsHookEx
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
GetClassInfoExW
GetWindowPlacement
SetWindowPlacement
DeferWindowPos
GetMenu
SetMenu
SetActiveWindow
GetForegroundWindow
MonitorFromWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageW
CreateDialogIndirectParamW
LockWindowUpdate
CopyAcceleratorTableW
GetKeyState
GetAsyncKeyState
EnableWindow
UpdateWindow
GetClientRect
MessageBoxW
CreateCaret
HideCaret
ShowCaret
SetCaretPos
wsprintfW
GetDoubleClickTime
IsWindow
GetDlgItem
ReleaseCapture
KillTimer
LoadAcceleratorsW
TranslateAcceleratorW
GetSystemMetrics
GetDC
ReleaseDC
InvalidateRect
RedrawWindow
EnableScrollBar
MessageBeep
SetCursor
GetCursorPos
GetCaretPos
ScreenToClient
GetSysColor
CopyRect
IntersectRect
OffsetRect
GetDesktopWindow
LoadCursorW
SystemParametersInfoW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
SetCapture
SetTimer
SendMessageW
GetWindowLongW
CharNextW
CharPrevW
LoadImageW
SetDlgItemTextA
BeginPaint
EndPaint
ValidateRect
ScrollWindow
DestroyIcon
SetScrollPos
RealChildWindowFromPoint
GetWindowRect
DrawEdge
FillRect
ShowOwnedPopups
PostQuitMessage
UnionRect
CharUpperW
SetWindowRgn
DrawIcon
WindowFromPoint
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
BringWindowToTop
GetTabbedTextExtentW
SetCursorPos
DestroyCursor
GetWindowDC
GetScrollRange
EndDialog
gdi32
EnumFontFamiliesExW
CreateEllipticRgn
StretchDIBits
CreateFontW
GetTextFaceW
GetWindowOrgEx
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetCharWidthW
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
SetRectRgn
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
PolyDraw
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetPixel
GetCurrentPositionEx
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreatePen
SetBkColor
CreateBitmap
CopyMetaFileW
EnumFontFamiliesW
CreateDCW
SetTextColor
SetBkMode
PolyBezier
Polygon
LPtoDP
DPtoLP
TextOutW
PathToRegion
EndPath
BeginPath
Rectangle
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetMapMode
FillRgn
Escape
CreateSolidBrush
GetTextMetricsW
ExtTextOutW
SetDIBColorTable
CreateDIBSection
SetDIBits
PatBlt
GetDIBits
GetBkMode
Ellipse
GetDIBColorTable
SelectObject
DeleteObject
DeleteDC
RoundRect
GetTextColor
GetStockObject
GetCharWidth32W
GetBkColor
GetObjectW
GetViewportOrgEx
GetTextExtentPoint32W
GetDeviceCaps
CreateRectRgnIndirect
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
msimg32
AlphaBlend
comdlg32
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW
advapi32
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegSetValueW
RegQueryValueW
SetFileSecurityW
GetFileSecurityW
shell32
ShellExecuteW
DragQueryFileW
SHFileOperationW
SHCreateShellItem
SHParseDisplayName
ord155
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHAddToRecentDocs
ShellExecuteExW
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
DragFinish
ExtractIconW
comctl32
ImageList_Add
ImageList_Draw
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_DrawIndirect
ImageList_Remove
ImageList_GetIcon
ImageList_Copy
ImageList_GetImageInfo
ord17
ImageList_DrawEx
uxtheme
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeFont
GetThemeColor
CloseThemeData
IsThemeActive
GetThemeMargins
GetThemeInt
GetThemePartSize
DrawThemeBackground
OpenThemeData
ole32
StringFromCLSID
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
CoFreeUnusedLibraries
CoCreateGuid
CoInitializeEx
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoLockObjectExternal
OleGetClipboard
OleDuplicateData
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoGetObject
CLSIDFromProgID
CoTaskMemAlloc
PropVariantClear
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
OleRun
CoTaskMemFree
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantInit
VariantCopyInd
VariantChangeType
LoadTypeLi
VarBstrFromDate
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SysReAllocStringLen
VariantClear
VariantTimeToSystemTime
SysAllocStringLen
oledlg
OleUIBusyW
gdiplus
GdipSaveImageToStream
GdipBitmapLockBits
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipAlloc
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipFree
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
wininet
InternetGetLastResponseInfoW
Sections
.text  Size: 2.2MB - Virtual size: 2.2MB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 796KB - Virtual size: 796KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 110KB - Virtual size: 135KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 983KB - Virtual size: 982KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ