metasploit | 5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae[.]dll | Triage

Sharing

General

Target

5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae.dll
Size

8KB
MD5

43296c4ac197f6feae234bb99e90ad57
SHA1

6fe1b66534e85db1e8825b6b7cb9ee9fb621cfbd
SHA256

5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae
SHA512

944bdf639a907689804557d50f3d3d7f69edc02f4a08cbc952397753527cfd716613286af763cfe5834faaddce14812daeb7ed3ae5a63feaee4ed7627cedb701
SSDEEP

48:qUr3zU9G4aNVhnX5hthMt6dO54WTJ7d5b:+DIi59J7

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

172.105.66.118:8080

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae.dll

Files

5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae.dll
.dll windows:6 windows x86 arch:x86

57d6e7112c8e716cfe2eb0ff9f36763c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateEventA
OpenEventA
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
CreateSemaphoreA

Sections

.text
Size: 1024B - Virtual size: 661B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ