metasploit | f22571f2ab50cdd6a32779313872d108[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f22571f2ab50cdd6a32779313872d108.exe
Size

101KB
MD5

f22571f2ab50cdd6a32779313872d108
SHA1

ddb518c695c27f4dbdf77ca969643843cdc8acbe
SHA256

c2518bd316a8d2bf4d4b2d0c0be72332c2d1734901a604d98d7ee14f83d77b22
SHA512

3378e7631ef678ec6816c78160df343282342fcd9f5d8a8e732d6c9d34f804431d8d0ea2b3078beaf14a1c026831b76f84eed7928caab86fdd6786e48f4e48c5
SSDEEP

1536:ozv7zCs4XgrH/iazvGT2luhMAxsjw7sWrt4wk4+jhl:i6Pgzaazve2LKzYWrt4wyV

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f22571f2ab50cdd6a32779313872d108.exe

Files

f22571f2ab50cdd6a32779313872d108.exe
.exe windows:4 windows x86 arch:x86

334d07207823db69cc151625de1b461f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyaddr
recv
inet_ntoa
connect
socket
sendto
select
recvfrom
WSAStartup
inet_addr
gethostname
gethostbyname
ioctlsocket
shutdown
closesocket
htons
setsockopt
bind
listen

advapi32

GetUserNameA

mpr

WNetAddConnection2A

shell32

ShellExecuteExA
SHChangeNotify

iphlpapi

GetAdaptersInfo

msvcrt

time
_stricmp
memcmp
sscanf
fread
fopen
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_controlfp
_vsnprintf
strlen
malloc
memset
memcpy
free
strcat
strncpy
rand
sprintf
atoi
srand
strchr
strrchr
strcpy
strcmp
strstr
_snprintf
ceil
strncat
_strcmpi
_ftol
_except_handler3
strcspn
??2@YAPAXI@Z
__set_app_type
strtok
fseek

kernel32

GetStartupInfoA
GetLogicalDriveStringsA
GetDriveTypeA
lstrcatA
CreateDirectoryA
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TransactNamedPipe
ReadFile
CreateEventA
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
SetThreadPriority
SetProcessPriorityBoost
CopyFileA
InitializeCriticalSectionAndSpinCount
OpenProcess
GetCurrentThread
GetCurrentProcess
GetWindowsDirectoryA
GetFileTime
SetFileTime
GetFileAttributesA
TerminateThread
LocalAlloc
LocalFree
GetProcAddress
LoadLibraryA
GetLocaleInfoA
CreateMutexA
SetFileAttributesA
DeleteFileA
ReleaseMutex
ExpandEnvironmentStringsA
CreateFileA
ExitThread
WriteFile
CloseHandle
CreateProcessA
WaitForSingleObject
lstrcmpiA
CreateThread
Sleep
GetLastError
GetTempPathA
GetTickCount
GetModuleHandleA
GetModuleFileNameA
ExitProcess
GetVersionExA
TerminateProcess

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

334d07207823db69cc151625de1b461f

Headers

File Characteristics

Imports

wsock32

advapi32

mpr

shell32

iphlpapi

msvcrt

kernel32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 17KB - Virtual size: 360KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 17KB - Virtual size: 360KB