metasploit | c16d2e1df0f2a8c571375538d53555ca2aa001755131af170318e3c5f722404a

Sharing

Copy URL

Twitter E-mail

General

Target

c16d2e1df0f2a8c571375538d53555ca2aa001755131af170318e3c5f722404a
Size

443KB
MD5

95fea11f54846064919611c17fab7c0d
SHA1

1130ab182b044a847f70e4d300ea78714c5a1052
SHA256

c16d2e1df0f2a8c571375538d53555ca2aa001755131af170318e3c5f722404a
SHA512

f051c8ee99d55e8cd2e6109f11e6323e2febe0d471ea60a3af815f87398a5392c6400bfa163917aa75bd011f5dfe2d8bc4f76677f642ebd0440b2c8e0462d0f0
SSDEEP

3072:VMBXBepLvxhAgvDtXls6io2/son12WRWGmgX2hM00bKT53j0+Gw438r9NiFjdvnx:VMbkLDJDBlSq03w438rvizvUqKik51K

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://teracloud.berylia.org:80/win/v9.29_r_DN880IKDJ5B2

Attributes

headers Accept: application/font-woff2;q=1.0,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.57

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c16d2e1df0f2a8c571375538d53555ca2aa001755131af170318e3c5f722404a

Files

c16d2e1df0f2a8c571375538d53555ca2aa001755131af170318e3c5f722404a
.exe windows:4 windows x86 arch:x86

d4c1fcaa5246c33a81d0fae808ca6b18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

IsTextUnicode
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW

comctl32

InitCommonControls
ord410
ord413

comdlg32

ChooseFontW
FindTextW
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW
PrintDlgW
ReplaceTextW

gdi32

CreateFontIndirectW
DeleteDC
DeleteObject
EndDoc
EndPage
ExtTextOutW
GetDeviceCaps
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetMapMode
StartDocW
StartPage

kernel32

CloseHandle
CreateFileW
ExitProcess
FindClose
FindFirstFileW
FormatMessageW
GetCPInfoExW
GetCommandLineA
GetCommandLineW
GetDateFormatW
GetFileSize
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetTimeFormatW
HeapAlloc
HeapFree
LocalFree
MulDiv
MultiByteToWideChar
ReadFile
SetEndOfFile
WideCharToMultiByte
WriteFile
lstrcmpW

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
ShellAboutW

shlwapi

PathFindFileNameW
StrCmpNIW
StrCmpNW
StrRStrIW
StrStrIW
StrStrW
wnsprintfW

ucrtbase

__p___argc
__p___argv
__stdio_common_vswprintf
_assert
_configure_narrow_argv
_get_initial_narrow_environment
_initialize_narrow_environment
_set_app_type
exit
memcpy
wcschr

user32

CheckMenuItem
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
EnableMenuItem
EndDialog
GetClientRect
GetDlgItem
GetDlgItemInt
GetDlgItemTextW
GetMenu
GetMessageW
GetMonitorInfoW
GetParent
GetSystemMetrics
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageW
LoadAcceleratorsW
LoadCursorW
LoadIconW
LoadImageW
LoadStringW
MessageBoxW
MonitorFromRect
PostMessageW
PostQuitMessage
RegisterClassExW
RegisterWindowMessageW
SendMessageW
SetActiveWindow
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetWindowPos
SetWindowTextW
ShowWindow
TranslateAcceleratorW
TranslateMessage
UpdateWindow
WinHelpW
wsprintfW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d4c1fcaa5246c33a81d0fae808ca6b18

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

shell32

shlwapi

ucrtbase

user32

Sections

.text Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 544B

.rdata Size: 4KB - Virtual size: 2KB

/4 Size: 4KB - Virtual size: 2KB

.bss Size: - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 200KB - Virtual size: 198KB

.reloc Size: 4KB - Virtual size: 1KB

/14 Size: 4KB - Virtual size: 160B

/29 Size: 76KB - Virtual size: 75KB

/41 Size: 8KB - Virtual size: 4KB

/55 Size: 16KB - Virtual size: 14KB

/67 Size: 4KB - Virtual size: 632B

/78 Size: 20KB - Virtual size: 19KB

/89 Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 544B

.rdata
Size: 4KB - Virtual size: 2KB

/4
Size: 4KB - Virtual size: 2KB

.bss
Size: - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 200KB - Virtual size: 198KB

.reloc
Size: 4KB - Virtual size: 1KB

/14
Size: 4KB - Virtual size: 160B

/29
Size: 76KB - Virtual size: 75KB

/41
Size: 8KB - Virtual size: 4KB

/55
Size: 16KB - Virtual size: 14KB

/67
Size: 4KB - Virtual size: 632B

/78
Size: 20KB - Virtual size: 19KB

/89
Size: 8KB - Virtual size: 4KB