metasploit | 4bba833c6b43b6372064eff960634769

Sharing

Copy URL Twitter E-mail

General

Target

4bba833c6b43b6372064eff960634769
Size

916KB
MD5

4bba833c6b43b6372064eff960634769
SHA1

f3218e5a0b573a23345047566cb98dad81be140f
SHA256

a945ebaf5e751890c7e12d0b83cfa25b971890a6b3693c94b46ae0504de1382b
SHA512

8f2a4ed231f4dede70880acb48a1aa021ab39da8cf545dbec2c8ced2fcf7ec1f41df226ccedfeef0ad8ce341c63955705f5d581f733ebfc24c3811598500717f
SSDEEP

12288:IIF7rGNrkty0fkhAlmvqRVB7rGNrkty0fkhAlmv9z:IIFErmyFAeqRErmyFAeN

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.206.134:3214

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bba833c6b43b6372064eff960634769

Files

4bba833c6b43b6372064eff960634769
.exe windows:4 windows x86 arch:x86

1b2719f49a3bdbb5a8609499b0db61a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

xul

XRE_GetFileFromPath
XRE_GetBinaryPath
NS_SetDllDirectory
XRE_FreeAppData
XRE_main
XRE_CreateAppData
?NS_SetHasLoadedNewDLLs@@YAXXZ

xpcom

NS_StringGetData
NS_LogInit
NS_CStringContainerFinish
NS_StringContainerInit
NS_StringContainerFinish
NS_CStringContainerInit2
NS_LogTerm
NS_CStringToUTF16

mozalloc

moz_malloc
moz_xmalloc
moz_free

nspr4

PR_smprintf_free
PR_smprintf
PR_GetEnv
PR_SetEnv

plc4

PL_strcasecmp

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
SearchPathW
VirtualAllocEx
VirtualProtectEx
GetCurrentProcess
GetProcAddress
LoadLibraryExA

user32

MessageBoxW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

mozcrt19

_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
_onexit
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
vfprintf
_fdopen
fclose
_dup
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__p__fmode
wcsrchr
memcpy
wcslen
_vsnwprintf
strcmp

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 872KB - Virtual size: 870KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

meNm
Size: 20KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

1b2719f49a3bdbb5a8609499b0db61a3

Headers

DLL Characteristics

File Characteristics

Imports

xul

xpcom

mozalloc

nspr4

plc4

kernel32

user32

version

mozcrt19

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 872KB - Virtual size: 870KB

.reloc Size: 4KB - Virtual size: 2KB

meNm Size: 20KB - Virtual size:

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 872KB - Virtual size: 870KB

.reloc
Size: 4KB - Virtual size: 2KB

meNm
Size: 20KB - Virtual size: