metasploit | 25801b86c6d2f41ea26db2b6508568ac95e0c568cd7f54af74676181e2564a30[.]zip

General

Target

25801b86c6d2f41ea26db2b6508568ac95e0c568cd7f54af74676181e2564a30.zip
Size

3KB
MD5

a897fc2c06387dda83722f5c2f1edfe2
SHA1

d5368bc854f0d8b5f08bad33fd962efab665be2e
SHA256

35767fb35f82432ce38ea71f08e8dd9ea8b0d9c550d39c52e3e699167ae5dd20
SHA512

0ed8865e7d8973aa45da0a7a5aa407beb3733dc318f4b95fbbcb2aa051b4667ea9fdebcb100d114d3bd230480248798c750604538889b0374e414d12755d87de

Score

10^/10

metasploit

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/reverse_tcp

C2

104.244.78.10:443

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/25801b86c6d2f41ea26db2b6508568ac95e0c568cd7f54af74676181e2564a30.exe

25801b86c6d2f41ea26db2b6508568ac95e0c568cd7f54af74676181e2564a30.zip
.zip

Password: infected
25801b86c6d2f41ea26db2b6508568ac95e0c568cd7f54af74676181e2564a30.exe
.exe windows:4 windows x86 arch:x86

f9ade0aa18f660a34a4fa23392e21838

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess

Sections

.text
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE