metasploit | 789f775aa66303d47c5498dfe4b87651

Sharing

Copy URL

Twitter E-mail

General

Target

789f775aa66303d47c5498dfe4b87651
Size

31KB
MD5

789f775aa66303d47c5498dfe4b87651
SHA1

9d50db6e33187959684fac46aadff83003cac2b2
SHA256

59f3b16fdd75c83300e9f4b6a7658ebb710994bdae28d4865a4e0add6f659bea
SHA512

c51da543043d885ce848e84e77aebf055d7a72e57f44544d5425e893525429c53b0b0d265a20f9d5a34b9af6bc7b091cbab91e51c8a3e8c3c98f1cad272d563d
SSDEEP

768:A0kPKnMIixqCZmK2C2C2hucou6cyV4hPSwtXig:A0kPhIixqymKZZ2f6s

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
789f775aa66303d47c5498dfe4b87651

Files

789f775aa66303d47c5498dfe4b87651
.exe windows:5 windows x86 arch:x86

99df57bccdeeac9445e98c8007286b1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlTimeToSecondsSince1970
ZwCreateEvent
RtlInitUnicodeString
strchr
sscanf
RtlImageNtHeader
_snwprintf
atoi
strncpy
_snprintf
RtlRandom
LdrAddRefDll
RtlUnwind
memcpy
_chkstk
memset
NtQueryVirtualMemory

ws2_32

WSAGetLastError
send
recv
htons
sendto
closesocket
setsockopt
WSAIoctl
bind
socket
inet_addr
WSAStartup
recvfrom
connect

shlwapi

StrStrIW
StrStrIA
PathFindFileNameA
PathFileExistsW
PathRemoveExtensionA
PathAddExtensionA
PathAppendA
SHGetValueA
SHEnumKeyExA
SHSetValueA
PathFileExistsA
SHDeleteValueA
PathRemoveExtensionW
PathFindFileNameW
SHSetValueW
SHGetValueW

wininet

InternetReadFile
InternetCloseHandle
InternetSetOptionA
InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetQueryOptionA
HttpOpenRequestA
HttpSendRequestA

iphlpapi

GetIpAddrTable
CreateIpNetEntry

shell32

ShellExecuteW

rpcrt4

UuidCreateSequential
UuidFromStringA
UuidToStringA

mpr

WNetCancelConnection2A
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
WNetAddConnection2A

winspool.drv

AddPrintProvidorW

psapi

GetMappedFileNameA
GetMappedFileNameW

imagehlp

MapFileAndCheckSumA
CheckSumMappedFile

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

GetModuleFileNameA
WinExec
InitializeCriticalSection
lstrcmpiA
LeaveCriticalSection
MoveFileExA
EnterCriticalSection
GetPrivateProfileIntA
LockFile
WTSGetActiveConsoleSessionId
GetModuleHandleA
GetProcAddress
MoveFileExW
GetTempFileNameW
DeviceIoControl
DeleteFileW
CreateFileW
CopyFileW
GetCurrentProcessId
GetTempPathW
GetSystemTimeAsFileTime
GetModuleHandleW
GetPrivateProfileStringA
DeleteFileA
GetTempFileNameA
GetTempPathA
SleepEx
GetCurrentThreadId
OpenThread
QueueUserAPC
GetLastError
ReadFile
TransactNamedPipe
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
WritePrivateProfileStringA
SetFileAttributesA
SetFileAttributesW
WriteFile
CreateFileA
GetTickCount
Sleep
QueueUserWorkItem
CreateThread
CloseHandle
VirtualAlloc
VirtualFree

user32

CharUpperBuffA
CharLowerBuffA
IsCharAlphaA
CreateWindowExA
SetWindowLongA
RegisterDeviceNotificationA
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterDeviceNotification
DestroyWindow
DefWindowProcA

advapi32

CreateServiceW
CreateProcessAsUserA
GetTokenInformation
CloseServiceHandle
QueryServiceStatusEx
StartServiceA
OpenSCManagerA
OpenServiceA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cfg
Size: 512B - Virtual size: 117B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

99df57bccdeeac9445e98c8007286b1a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ws2_32

shlwapi

wininet

iphlpapi

shell32

rpcrt4

mpr

winspool.drv

psapi

imagehlp

wtsapi32

userenv

kernel32

user32

advapi32

ole32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 141KB

.cfg Size: 512B - Virtual size: 117B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 141KB

.cfg
Size: 512B - Virtual size: 117B

.reloc
Size: 2KB - Virtual size: 2KB