Behavioral task: behavioral1
Sample: 6016c8d09f27df7f074eab8f3b509a78.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 6016c8d09f27df7f074eab8f3b509a78.exe
Resource: win10v2004-20231222-en
General
- Target: 6016c8d09f27df7f074eab8f3b509a78
- Size: 135KB
- MD5: 6016c8d09f27df7f074eab8f3b509a78
- SHA1: 0de66485ee0a7fc1292b0212a737e63ad5c7d699
- SHA256: d7f74009987ea259d06d106e7b6f862d3a2e8c33a29133b927afa6252bf33e2d
- SHA512: 5532243f90f2f2b8fd10811ef89de2dc2a2e6040f91c177a6780a3f01eb0d0ca676dc0e21c206ab15f319b247244a1a01d05d9282ffcb0b1c9370200c26ac6d5
- SSDEEP: 3072:HjcptR8ys23xbrO19g3+HBzeDsvRBwP4Q6j+0Pq3M:HAptR8ysMxyu+h9BwPH6Xq8
Malware Config
Extracted: metasploit, encoder/fnstenv_mov
Signatures
- Metasploit family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature. resource 6016c8d09f27df7f074eab8f3b509a78
Files
- 6016c8d09f27df7f074eab8f3b509a78.exe windows:4 windows x86 arch:x86 e08c8cd529953f8f614870544ca8f6cc
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: GetStdHandle, OutputDebugStringA, GetTimeFormatA, GetDateFormatA, WriteFile, LockResource, LoadResource, SizeofResource, FindResourceA, GetFileSize, GetComputerNameA, GetVersionExA, GetDiskFreeSpaceExA, GlobalMemoryStatus, CreateRemoteThread, OpenProcess, WriteProcessMemory, VirtualAllocEx, Process32Next, GetCurrentProcessId, Process32First, CreateToolhelp32Snapshot, QueryPerformanceFrequency, SetConsoleTextAttribute, VirtualProtectEx, IsBadReadPtr, LoadLibraryExA, TerminateProcess, CreateProcessA, CreateThread, ReadFile, SetFilePointer, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, ReadProcessMemory, GetWindowsDirectoryA, WideCharToMultiByte, MultiByteToWideChar, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, lstrcmpiA, GetDriveTypeA, GetLogicalDriveStringsA, CreateMutexA, GetLastError, GetSystemTime, CreateFileA, TerminateThread, CloseHandle, ExitProcess, GetLocaleInfoA, GetCurrentProcess, SetProcessWorkingSetSize, GetTickCount, Sleep, LoadLibraryA, GetProcAddress, FreeLibrary, DeleteFileA, GetShortPathNameA, GetEnvironmentVariableA, GetModuleFileNameA, GetModuleHandleA, GetSystemDirectoryA, GetTempPathA, CopyFileA, SetFileAttributesA, QueryPerformanceCounter
user32: GetClassNameA, EnumWindows, FindWindowA, GetWindowThreadProcessId, MessageBoxA, wsprintfA, SendMessageA, ExitWindowsEx
advapi32: RegQueryValueExA, RegOpenKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, OpenEventLogA, ClearEventLogA, CloseEventLog, GetUserNameA, RegisterServiceCtrlHandlerA, SetServiceStatus, CloseServiceHandle, StartServiceA, OpenServiceA, CreateServiceA, OpenSCManagerA, DeleteService, ControlService, RegEnumValueA, RegSetValueExA
mpr: WNetCancelConnection2A, WNetAddConnection2A
msvcrt: free, ??2@YAPAXI@Z, _onexit, __dllonexit, sscanf, sprintf, _stricmp, strstr, strncat, _snprintf, strncpy, _vsnprintf, toupper, islower, rand, srand, system, atoi, atol, strtok, fclose, fwrite, fopen, fread, fprintf, printf, fseek, malloc
netapi32: NetScheduleJobAdd, NetRemoteTOD, NetUserEnum, NetApiBufferFree
psapi: EnumProcesses, EnumProcessModules, GetModuleBaseNameA
shell32: ShellExecuteA
wininet: InternetCloseHandle, FtpGetFileA, InternetConnectA, InternetOpenA, FtpPutFileA, InternetOpenUrlA, InternetGetConnectedStateEx
ws2_32: connect, recv, send, htons, gethostbyname, WSACloseEvent, closesocket, shutdown, WSACleanup, WSAStartup, htonl, accept, inet_addr, listen, bind, inet_ntoa, gethostname, gethostbyaddr, getsockname, getpeername, setsockopt, __WSAFDIsSet, select, sendto, WSASocketA, ioctlsocket, socket
Sections
- .data: Size: 116KB - Virtual size: 116KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .CRT: Size: 512B - Virtual size: 4B; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size: 17KB - Virtual size: 17KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ