metasploit | ba33bfb8cd95ea195cbcd43842543a43

Sharing

Copy URL Twitter E-mail

General

Target

ba33bfb8cd95ea195cbcd43842543a43
Size

64KB
MD5

ba33bfb8cd95ea195cbcd43842543a43
SHA1

26687fdadc1caec0857992cc3dc663e9eede5e31
SHA256

e9d11662afdc479f2c4fc357335626d4608e07e471fca2c1ae4c07c74c0eadd5
SHA512

d94b310b90c3a542216fbae8417cb2dfcf6204950366a33dc73a62a4d3c24c40b558b27b3fb7994ded31a67cb8dfbeb782a1039a63da59c3c1927835e4d83cf5
SSDEEP

1536:ZJg1OAEuxWhXTmNquG9L0RT/ADGRMlu8:ZJlAEuxAWqu3ZMlu8

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.1.3:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba33bfb8cd95ea195cbcd43842543a43

Files

ba33bfb8cd95ea195cbcd43842543a43
.exe windows:4 windows x86 arch:x86

b47060fbcbd9d8ec9716eb4a0fdbc38f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\netcat\Release\netcat.pdb

Imports

ws2_32

__WSAFDIsSet
select
listen
getsockname
recvfrom
accept
WSASetLastError
socket
setsockopt
bind
connect
htons
getservbyport
ntohs
getservbyname
inet_addr
gethostbyname
inet_ntoa
gethostbyaddr
WSAGetLastError
WSAStartup
WSACleanup
shutdown
closesocket
recv
send

kernel32

GetSystemTimeAsFileTime
CreateFileA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
SetStdHandle
SetFilePointer
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
MultiByteToWideChar
CompareStringA
VirtualQuery
InterlockedExchange
GetLastError
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
Sleep
ReadFile
PeekNamedPipe
WriteFile
CreatePipe
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
TerminateThread
CreateThread
GetStdHandle
FreeConsole
ExitProcess
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
SetEndOfFile
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

b47060fbcbd9d8ec9716eb4a0fdbc38f

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 7KB

Size: 4KB - Virtual size:

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 7KB