metasploit | 4d104bfada829f480a844d76c9e553f9

Sharing

Copy URL Twitter E-mail

General

Target

4d104bfada829f480a844d76c9e553f9
Size

773KB
MD5

4d104bfada829f480a844d76c9e553f9
SHA1

5b172177a05d0214e64fc50d0e60ab0c44716e40
SHA256

ec9f5ae351dccc93209ea307b968442133898a36c99a82d6270be69bfd50f5dd
SHA512

c1bd3402ae46177da20bf4415ce0ef7528c609fdf1f0ab0d9e9a6a52a5ff1d82c55515b6b27264641bf6770e199be232ea0526335842f6a80214071a1fb64435
SSDEEP

12288:76DH+bZ1XTQvLqvz+8bfCUDmVg+JkCBdcrWSOzYAVNyXu+QDxCRCzCmXKVB+viIU:76D+Qqv/baUDmVg+OGfY1maX

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

192.168.43.137:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d104bfada829f480a844d76c9e553f9

Files

4d104bfada829f480a844d76c9e553f9
.exe windows:4 windows x86 arch:x86

cf4e7c39491d72f44d9880a814e16a2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetVolumeInformationW
GetFileSizeEx
GetLongPathNameW
GetCurrentProcess
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
LocalAlloc
CreateFileW
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
OpenProcess
GetDiskFreeSpaceExW
GetNativeSystemInfo
LoadLibraryW
GetUserGeoID
GetProcAddress
GetCurrentProcessId
CopyFileW
CreateDirectoryW
GetSystemTime
GetTickCount
GetUserDefaultUILanguage
GlobalFree
GetFileSize
WriteFile
SetEndOfFile
SetFilePointerEx
GetCurrentThreadId
GetModuleHandleW
SetUnhandledExceptionFilter
MultiByteToWideChar
QueueUserWorkItem
DeviceIoControl
GetProcessHeap
GetExitCodeProcess
SetEvent
GetLastError
CreateEventW
FindClose
CreateMutexW
FindNextFileW
FindFirstFileW
CreateProcessW
ExitProcess
DeleteCriticalSection
MoveFileExW
LocalFree
CreateThread
CloseHandle
DeleteFileW
Sleep
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
EnterCriticalSection
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
WriteConsoleW
GetACP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapFree
HeapAlloc
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExA
HeapSize

advapi32

CryptCreateHash
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pmuq
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

cf4e7c39491d72f44d9880a814e16a2c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

rpcrt4

Sections

.text Size: 532KB - Virtual size: 532KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 11KB - Virtual size: 14KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 25KB - Virtual size: 25KB

.pmuq Size: 4KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 532KB - Virtual size: 532KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 11KB - Virtual size: 14KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 25KB - Virtual size: 25KB

.pmuq
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 25KB - Virtual size: 25KB