metasploit | 7088fbce6590a3f1082137e127511d69

General

Target

7088fbce6590a3f1082137e127511d69
Size

8.8MB
MD5

7088fbce6590a3f1082137e127511d69
SHA1

5d168ff707518821c86f3f0dea33553aec2a244a
SHA256

91bdc2dbc42c8342ce107cef6dcbbf8c76d90283a69da3165f67cf19e1c44aeb
SHA512

73927e598dd84fd92596db4b24be2e608dea434076c540d41f810f1e2cf53c82c1fe30a859215534d0abc9af8040b065319dbbc8ac46d21d3f49dc0295727f68
SSDEEP

196608:sJuwS6TLCVe0mj/wvs/9sL1jcOytIsjTIImELIjHBAHH8Vz1pQVp:0LC3mIvbR8y08ImELWA8Vzg

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

151.115.42.158:48277

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7088fbce6590a3f1082137e127511d69

Files

7088fbce6590a3f1082137e127511d69
.dll windows:6 windows x86 arch:x86

9826c64364c073b949053f26292c4052

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
WriteFile
WaitForSingleObject
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
Process32FirstW
CloseHandle
LoadLibraryW
CreateThread
GetProcAddress
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
lstrcmpW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

shell32

ShellExecuteW

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv
_cexit
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

9826c64364c073b949053f26292c4052

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 8.8MB - Virtual size: 8.8MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 408B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 8.8MB - Virtual size: 8.8MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 408B