metasploit | 2982d00e83011f4179201d4e3eaff320N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2982d00e83011f4179201d4e3eaff320N.exe
Size

44KB
MD5

2982d00e83011f4179201d4e3eaff320
SHA1

1546e399561f37d4aa50be086e24ff83d7de0075
SHA256

dab59db34499ec024dfcb0e3727c27a123cc4861b593bd6bf72a476e4ad038dd
SHA512

002edcaeab012e101308a14ca204b2105b5c7a398122cd6fcccffea064d2a34958d69a9ca4e24d2ac6bfd27511a1205ce2ce9c32f455562dee8d8d77b370417b
SSDEEP

768:or22N4/BUkskLJQ8k5O9I2iivnUuJ2svraLtMNd2GrWhUHe3mT6vhbyN:W2UkskLJ/o232svrstMDOciy

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

192.168.56.104:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2982d00e83011f4179201d4e3eaff320N.exe

Files

2982d00e83011f4179201d4e3eaff320N.exe
.exe windows:4 windows x64 arch:x64

31ba17918b81ee0a031ba787d4fb4008

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileMappingW
CreateFileW
DeleteCriticalSection
EnterCriticalSection
FileTimeToSystemTime
FreeLibrary
GetConsoleWindow
GetFileSize
GetLastError
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery

msvcrt

fwprintf
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_unlock
abort
atoi
calloc
exit
fprintf
fputwc
free
fwrite
localeconv
malloc
mbstowcs
memcmp
memcpy
memset
signal
strcmp
strerror
strlen
strncmp
vfprintf
wcscat
wcscmp
wcscpy
wcslen

user32

ShowWindow

ws2_32

gethostbyname

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

31ba17918b81ee0a031ba787d4fb4008

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 1024B - Virtual size: 704B

.rdata Size: 4KB - Virtual size: 4KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 132B

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 1024B - Virtual size: 704B

.rdata
Size: 4KB - Virtual size: 4KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 132B