metasploit | d43aa489316d5a67e46b1e9dda7aa780

Sharing

Copy URL Twitter E-mail

General

Target

d43aa489316d5a67e46b1e9dda7aa780
Size

160KB
MD5

d43aa489316d5a67e46b1e9dda7aa780
SHA1

9fdf1542affc6251abbd4c1b8db839cda10376de
SHA256

6a11f6a94411e09feac10f46e864676536b8cb9e850c6e0c6c1bcdc91d9464de
SHA512

d1e2831cb3bfab2979cae7ffd99775692445fd43439561d6bbc49af00e90844e1abc008d18ee7707595a31baef36bac65f9f635693508dd70182c6e7bbd2e64b
SSDEEP

3072:nwDYqw9yjw4i3ZM1yI4dHcEX8DIILiWGazua25F/oS:nKGwM4YZM1yxbX231G

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d43aa489316d5a67e46b1e9dda7aa780

Files

d43aa489316d5a67e46b1e9dda7aa780
.exe .vbs windows:4 windows x86 arch:x86 polyglot

23ec2320f665b173189b84b06442f39a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

fseek
ftell
malloc
fwrite
_stat
free
strncmp
_snprintf
_vsnprintf
sscanf
strtoul
fopen
fread
fclose
strtok
atoi
strstr
strncpy
exit
sprintf
srand
rand

kernel32

GetTickCount
CreateThread
Sleep
CreateMutexA
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
GetProcAddress
LoadLibraryA
TerminateThread
WinExec
lstrcmpA
CloseHandle
ReadFile
lstrlenA
GetFileSize
CreateFileA
lstrcpyA
DeleteFileA
WriteFile
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoA
GetVersionExA
CreateProcessA
FindClose
FindNextFileA
SetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
GetEnvironmentVariableA
lstrcatA
MoveFileExA
GetShortPathNameA
lstrcpynA
GetLastError
WaitForSingleObject
lstrcmpiA
OpenProcess
ExitThread
LocalFree
LocalAlloc
GetWindowsDirectoryA
SetFileTime
GetFileTime
SearchPathA
Process32Next
TerminateProcess
Process32First
CreateToolhelp32Snapshot

user32

wsprintfA
GetKeyState
CharLowerA
EnumWindows
GetWindowTextA
GetClassNameA
VkKeyScanA
keybd_event
SetFocus
SetForegroundWindow
BringWindowToTop
CloseClipboard
SetClipboardData
PostMessageA
SetWindowPos
MessageBoxA
FindWindowA
GetForegroundWindow
GetAsyncKeyState
ShowWindow
OpenClipboard
EmptyClipboard

ws2_32

ntohs
inet_ntoa
getpeername
getsockname
gethostbyname
gethostname
WSAConnect
WSACleanup
inet_addr
setsockopt
bind
select
ioctlsocket
__WSAFDIsSet
WSASocketA
listen
accept
send
htons
socket
connect
closesocket
recv
WSAStartup

advapi32

StartServiceCtrlDispatcherA
DeleteService
OpenServiceA
OpenSCManagerA
CloseServiceHandle
EnumServicesStatusA
SetServiceStatus
RegisterServiceCtrlHandlerA
ImpersonateLoggedOnUser
OpenProcessToken
CreateServiceA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
QueryServiceLockStatusA
LockServiceDatabase
RegCloseKey
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

odbc32

ord41
ord11
ord31
ord24
ord75

crypt32

CryptUnprotectData

Sections

0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

23ec2320f665b173189b84b06442f39a

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

advapi32

shell32

psapi

wininet

odbc32

crypt32

Sections

0 Size: 28KB - Virtual size: 28KB

1 Size: 4KB - Virtual size: 4KB

2 Size: 4KB - Virtual size: 4KB

3 Size: 16KB - Virtual size: 16KB

4 Size: 4KB - Virtual size: 4KB

5 Size: 68KB - Virtual size: 68KB

6 Size: 4KB - Virtual size: 4KB

7 Size: 28KB - Virtual size: 28KB

0
Size: 28KB - Virtual size: 28KB

1
Size: 4KB - Virtual size: 4KB

2
Size: 4KB - Virtual size: 4KB

3
Size: 16KB - Virtual size: 16KB

4
Size: 4KB - Virtual size: 4KB

5
Size: 68KB - Virtual size: 68KB

6
Size: 4KB - Virtual size: 4KB

7
Size: 28KB - Virtual size: 28KB