metasploit | a83f578f80de03713c436df4ab281cc74b98e4bbaf49411ad6e26d03cb917b39

Sharing

Copy URL Twitter E-mail

General

Target

a83f578f80de03713c436df4ab281cc74b98e4bbaf49411ad6e26d03cb917b39
Size

69KB
MD5

f97c0f19e84c79e9423b4420531f5a25
SHA1

42055e556a5b33536c346c875bac0fb015fe9035
SHA256

a83f578f80de03713c436df4ab281cc74b98e4bbaf49411ad6e26d03cb917b39
SHA512

f90fd56e0fc10d6ae4b7f53f66dda1536791960c43b03a22220ec6978906f283c25db6eeb51ee5b9512fd06c29104bd9a099ad0bd9b414e2d6d95b5629a88a03
SSDEEP

768:tleEM9rgcJcXfPP3lLuzZPKqPpi5WfgtPP3lLuzZPKqWo14g:tarOXfPP3lLuBZP0cfgtPP3lLuBZWI

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

128.199.6.246:3432

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a83f578f80de03713c436df4ab281cc74b98e4bbaf49411ad6e26d03cb917b39

Files

a83f578f80de03713c436df4ab281cc74b98e4bbaf49411ad6e26d03cb917b39
.dll windows:4 windows x86 arch:x86

ade5176debf3e13f9afa2c850ca3064e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
TlsGetValue
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_errno
_iob
abort
calloc
fflush
free
fwrite
malloc
memcpy
vfprintf

libgcc_s_dw2-1

__deregister_frame_info
__register_frame_info

Exports

Exports

main

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 100B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 63B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

ade5176debf3e13f9afa2c850ca3064e

Headers

File Characteristics

Imports

kernel32

msvcrt

libgcc_s_dw2-1

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 12B

.rdata Size: 42KB - Virtual size: 42KB

/4 Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 100B

.edata Size: 512B - Virtual size: 63B

.idata Size: 1024B - Virtual size: 876B

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 300B

/14 Size: 512B - Virtual size: 56B

/29 Size: 7KB - Virtual size: 7KB

/41 Size: 512B - Virtual size: 303B

/55 Size: 512B - Virtual size: 456B

/67 Size: 512B - Virtual size: 56B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 12B

.rdata
Size: 42KB - Virtual size: 42KB

/4
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 100B

.edata
Size: 512B - Virtual size: 63B

.idata
Size: 1024B - Virtual size: 876B

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 300B

/14
Size: 512B - Virtual size: 56B

/29
Size: 7KB - Virtual size: 7KB

/41
Size: 512B - Virtual size: 303B

/55
Size: 512B - Virtual size: 456B

/67
Size: 512B - Virtual size: 56B