metasploit | de23a8108244adf905c738435b8b9a32

Sharing

Copy URL Twitter E-mail

General

Target

de23a8108244adf905c738435b8b9a32
Size

101KB
MD5

de23a8108244adf905c738435b8b9a32
SHA1

0d8f0a3d87aee196fab2ce913e3c7fe019c86c11
SHA256

75a6bbbb4789e6f4fd1e608a0090314eb98982b689b36cb1b755ce564f4c1e9b
SHA512

ddd2965b0b6c1ae1dba19b434a7921c7985a66df787cd231a3e542ea51b078207bd0a16f234101b447aa2ed88750199fcea58cef0fb8b71b53606361a2ae2d9f
SSDEEP

384:XT0cEresyv/f0JRVe37xl99Sjvb99SjvhT:XQOlv/f0LV8799Sbh9Sb

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

http://95.179.143.234:4444/Hhz9ivFq6Lw3uja7V2ZZAgA3VSZ7jJ-Qhyl8FieeaJQLTJM1H3dUolVMOb9KluHjnHOR2XbbVxX23O5wEwT9-Eev9NEuNg-yS-vek_3Y_SuRRyJ3WxxcG6ZU2E1kWlF60sHIXdbYLgVt2pAANRXpLR_WifIGnjQgMup-ceQ6bVJD5_k0fpXs52WOvQQ_6bE1eZMyxwavcYoRbXZ

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de23a8108244adf905c738435b8b9a32

Files

de23a8108244adf905c738435b8b9a32
.exe windows:6 windows x86 arch:x86

5ff01f878cf00ec8df3a56eeb01adce4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Desktop\各种代码\C++\shellcode\ShellCode\Release\ShellCode.pdb

Imports

kernel32

VirtualAlloc
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

user32

GetThreadDesktop
EnumDesktopWindows

vcruntime140

_except_handler4_common
memset

api-ms-win-crt-runtime-l1-1-0

__p___argv
_initialize_onexit_table
__p___argc
_register_thread_local_exe_atexit_callback
_crt_atexit
_controlfp_s
terminate
_exit
_configure_narrow_argv
exit
_c_exit
_cexit
_set_app_type
_seh_filter_exe
_initterm_e
_initterm
_get_initial_narrow_environment
_register_onexit_function
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

5ff01f878cf00ec8df3a56eeb01adce4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5KB - Virtual size: 5KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 512B - Virtual size: 336B

.text
Size: 5KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 512B - Virtual size: 336B