Behavioral task: behavioral1
Sample: 496b760449a9b8197b04bff1ac30ffbe.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 496b760449a9b8197b04bff1ac30ffbe.exe
Resource: win10v2004-20231215-en
General
- Target: 496b760449a9b8197b04bff1ac30ffbe
- Size: 192KB
- MD5: 496b760449a9b8197b04bff1ac30ffbe
- SHA1: 0ae75775295ea3cfe355c315af4fe44ce4bb444d
- SHA256: dbabfb7b51e9e8b000048904eaf2741fcc6a30e2601ec7167dc702f8fcd9f734
- SHA512: cc343cab5f4f0ed3483f28101f451c6c0f8495f06c8fd320221d04314ea5ddeb4b7a3d505fa583e2192c05e4de2230ab478fb755fac13900a88e8adc74036f8a
- SSDEEP: 3072:nVG0yL1Qbd2g4BASqBv9ELa9jZO+MDc25e/YGNOATR6OWIZOtTIQt9S:VG5kAg4B6Bv3ZO+vYGdTR6AZ/AS
Malware Config
- Extracted: metasploit, encoder/shikata_ga_nai
- Extracted: metasploit, windows/shell_reverse_tcp, 178.135.51.86:50000
Signatures
- Metasploit family
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. resource 496b760449a9b8197b04bff1ac30ffbe
Files
-
496b760449a9b8197b04bff1ac30ffbe.exe windows:4 windows x86 arch:x86
256a5bbe63ea46a217ee9b6e9dcfeea3
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: GlobalLock, MultiByteToWideChar, GlobalAlloc, WideCharToMultiByte, SetLastError, SetEnvironmentVariableA, CompareStringW, CompareStringA, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, FlushFileBuffers, SetStdHandle, GlobalUnlock, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetCurrentProcessId, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, GetTickCount, GetFileType, SetHandleCount, HeapSize, Sleep, GetCurrentProcess, GetSystemDirectoryA, CloseHandle, QueryPerformanceCounter, GetLastError, GetSystemTimeAsFileTime, LoadLibraryA, GetProcAddress, FreeLibrary, SetUnhandledExceptionFilter, CopyFileA, CreateThread, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetFileAttributesExA, GetFileAttributesA, CreateProcessA, GetModuleHandleA, GetModuleFileNameA, ReadFile, SetFilePointer, RtlUnwind, GetConsoleMode, SetEndOfFile, GetConsoleCP, GetCurrentThreadId, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetACP, InterlockedDecrement, InterlockedIncrement, GetCPInfo, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, RaiseException, GetStdHandle, WriteFile, HeapCreate, HeapDestroy, VirtualAlloc, FreeEnvironmentStringsA, GetTempPathA, HeapAlloc, HeapFree, ExitProcess, HeapReAlloc, GetCommandLineA, GetVersionExA, GetProcessHeap, GetStartupInfoA, VirtualFree
user32: GetDC, GetWindowInfo, GetSystemMetrics, GetDesktopWindow, SystemParametersInfoA, SetWindowLongA, PeekMessageA, ReleaseDC, TranslateMessage, GetAsyncKeyState, GetKeyState, GetWindowTextA, GetForegroundWindow, UnhookWindowsHookEx, CloseClipboard, GetClipboardData, OpenClipboard, GetKeyboardLayout, DispatchMessageA, IsWindow, GetWindowThreadProcessId, CallNextHookEx, ShowWindow, RedrawWindow, GetWindowLongA, SendMessageA, DestroyWindow, SetWindowsHookExA
gdi32: DeleteObject, StretchBlt, BitBlt, CreateCompatibleDC, SelectObject, DeleteDC, CreateDIBSection
advapi32: RegCreateKeyExA, RegEnumKeyExA, GetUserNameA, RegSetValueExA, RegCloseKey, RegDeleteKeyExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA
ole32: CoCreateInstance
sensapi: IsNetworkAlive
ws2_32: htons, closesocket, connect, socket, gethostbyname, inet_addr, WSAStartup, recv, send, WSASocketA
urlmon: URLDownloadToFileA
winmm: waveInClose, waveInUnprepareHeader, waveInStop, waveInAddBuffer, waveInStart, waveInPrepareHeader, waveInOpen, waveInGetNumDevs
avicap32: capCreateCaptureWindowA
Sections
.text: Size 152KB, Virtual size 148KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 24KB, Virtual size 22KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 8KB, Virtual size 23KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 4KB, Virtual size 176B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ