metasploit | 251616233defcd3e48868275e9a8def897dfac26f6ca0d7b3006269cb3692c35[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

251616233defcd3e48868275e9a8def897dfac26f6ca0d7b3006269cb3692c35.exe
Size

25KB
MD5

4be169489637b646952fbe72ebdda140
SHA1

305fb8b9482c6be8acda94f4a45eb46b054016d9
SHA256

251616233defcd3e48868275e9a8def897dfac26f6ca0d7b3006269cb3692c35
SHA512

6552ebda01835ac5e27a27e987d4c0aa52c9bfdfd07225335e014c0fc278d73fc007514fcdd76cce0a14abedce6205027d2bff48377d55388ee5be5541b728c8
SSDEEP

192:WEkTCCSujPOxEtNvhHcuRB3Y+BlgpDYOjTB68D8O83uV69Vi:fCSMOxYphHcOYCGhTB68D+79V

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

10.0.2.15:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
251616233defcd3e48868275e9a8def897dfac26f6ca0d7b3006269cb3692c35.exe

Files

251616233defcd3e48868275e9a8def897dfac26f6ca0d7b3006269cb3692c35.exe
.exe windows:6 windows x86 arch:x86

66f6a5410da89604e3943a48c3c855f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateThread
VirtualAlloc
VirtualProtect
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentThreadId
TerminateProcess

vcruntime140d

_except_handler4_common
memset
memmove
__std_type_info_destroy_list

ucrtbased

__p___argv
_cexit
_c_exit
_get_initial_narrow_environment
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_set_fmode
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_exit
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
rand
__p___argc
exit
_initterm_e
_execute_onexit_table
_initterm
_register_thread_local_exe_atexit_callback

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 810B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

66f6a5410da89604e3943a48c3c855f9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140d

ucrtbased

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.msvcjmc Size: 512B - Virtual size: 284B

.00cfg Size: 512B - Virtual size: 260B

.reloc Size: 1024B - Virtual size: 810B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.msvcjmc
Size: 512B - Virtual size: 284B

.00cfg
Size: 512B - Virtual size: 260B

.reloc
Size: 1024B - Virtual size: 810B