PDB path: f:\source\cg\cgall\rubbish\elf_downloader\Release_HackDisk\elf_downloader.pdb
Behavioral task behavioral1: sample b6b51a3883d3e421106570108db1acba.exe, resource win7-20240221-en
Behavioral task behavioral2: sample b6b51a3883d3e421106570108db1acba.exe, resource win10v2004-20240226-en
General
- Target: b6b51a3883d3e421106570108db1acba
- Size: 92KB
- MD5: b6b51a3883d3e421106570108db1acba
- SHA1: e348f3cbb0c986281895a1dbdb68195d8874a5e8
- SHA256: a5ed97dc3f462985a2c1f4c65f23aae26ee37ec6b928fb39f80161294b9c9fae
- SHA512: 00c10c28596ce378619984ea07b179f29f5c51f115878fc71fdddec22d814ae4277fd37b6c45a017bf47221555dc6ba21c752331257030adfc5e403e64812ab5
- SSDEEP: 1536:GyBNFOTmMLRAgtawxoXwxtw419YW2gj4oGOlTNo:BYT5aCXxog//YWJ4o7TNo
Malware Config (extracted)
- Family: metasploit
- Encoder: encoder/fnstenv_mov
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: b6b51a3883d3e421106570108db1acba
Files
-
b6b51a3883d3e421106570108db1acba.exe windows:4 windows x86 arch:x86
a362f3e40e7f2f2d28eda25f4c8d6af5
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32:
GetTempPathA
WaitForSingleObject
OutputDebugStringA
SetSystemTime
GetSystemTime
WinExec
GetFileSize
FreeLibrary
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
CreateFileW
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
Module32First
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
CreateDirectoryA
CreateThread
SetEvent
GetModuleFileNameA
CreateEventA
ResetEvent
OutputDebugStringW
lstrcpyW
GetModuleHandleA
GetCommandLineA
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TransactNamedPipe
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalFree
LoadLibraryExA
GlobalAlloc
GetStartupInfoA
ExitProcess
GetProcAddress
Sleep
DeleteFileA
ReadFile
SetFilePointer
lstrlenA
GetSystemDirectoryA
lstrcatA
lstrcpynA
lstrcpyA
CreateFileA
DeviceIoControl
CloseHandle
CopyFileA
SetFileAttributesA
WriteFile
FlushFileBuffers
OpenEventA
GetTickCount
mpr:
WNetCancelConnection2A
WNetAddConnection2A
ws2_32:
accept
connect
recv
closesocket
send
htons
inet_addr
WSAStartup
gethostname
gethostbyname
inet_ntoa
socket
__WSAFDIsSet
WSAGetLastError
bind
select
listen
iphlpapi:
SendARP
rpcrt4:
UuidFromStringA
UuidToStringA
user32:
FindWindowA
SendMessageA
ShowWindow
wvsprintfA
IsCharAlphaNumericA
wsprintfA
advapi32:
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
ChangeServiceConfigA
StartServiceA
DeleteService
ChangeServiceConfig2A
CreateServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
QueryServiceStatus
Sections
.text   Size: 24KB, Virtual size: 21KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 12KB, Virtual size: 8KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 40KB, Virtual size: 70KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.nbxz0  Size: 8KB, Virtual size: 6KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 4KB, Virtual size: 536B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ