metasploit | cmd[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cmd.exe
Size

240KB
MD5

e33b9cfb69c323e5c067b22f3b88b08d
SHA1

a94b23560f1a904fa3f4fe70ae5e8d2e9e9ecdc3
SHA256

466c911b669ffab7d9e1aea6478f21b9eaa3d22a9537517b624fbab05616330d
SHA512

b85a17f8a56112f3e95086fd30e58cb66fd330b7085cee393f205920f2062cd8c774a62ea66a944408f9de81a39311bd0e0bdf890355f8c251c575691e9568a1
SSDEEP

6144:mkEtvxlNh2N6dEwV0mDpbIz/EgayOzmDv:VEblNh2q0mtcLEHzYv

Score

10^/10

metasploit

Malware Config

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmd.exe

Files

cmd.exe
.exe windows:10 windows x86 arch:x86

fd97afec4dc549dcd1fe1dad15035df9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmd.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcsspn

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_initial_narrow_environment
_o__get_osfhandle
_o__getch
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__open_osfhandle
_o__pclose
_o__pipe
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__ultoa
_o__ultoa_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcsupr
_o__wpopen
_o__wtol
_o_calloc
_o_exit
_o_feof
_o_ferror
_o_fflush
_o_fgets
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_iswxdigit
_o_malloc
_o_qsort
_o_rand
_o_realloc
_o_setlocale
_o_srand
_o_terminate
_o_towlower
_o_towupper
_o_wcstol
_o_wcstoul
_except_handler4_common
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__dup2
_o__dup
_o__crt_atexit
_o__controlfp_s
_o__configure_narrow_argv
_o__configthreadlocale
_o__close
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
wcsstr
wcsrchr
wcschr
longjmp
_local_unwind4
_setjmp3
memcmp
memcpy
_o__tell

ntdll

RtlCreateUnicodeStringFromAsciiz
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
NtCancelSynchronousIoFile
RtlNtStatusToDosError
NtQueryInformationProcess
NtSetInformationProcess
NtQueryVolumeInformationFile
NtSetInformationFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtOpenFile
RtlReleaseRelativeName
RtlFreeUnicodeString
RtlFindLeastSignificantBit
RtlDosPathNameToNtPathName_U
NtFsControlFile
RtlFreeHeap

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSRWLockExclusive
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
WaitForSingleObjectEx
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
EnterCriticalSection
DeleteCriticalSection
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapSize
HeapFree
HeapAlloc
HeapSetInformation

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

DeleteProcThreadAttributeList
CreateProcessAsUserW
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetCurrentThreadId
GetCurrentProcess
ResumeThread
GetCurrentProcessId
GetExitCodeProcess
TerminateProcess
OpenThread
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
GetCPInfo
SetThreadLocale
GetACP
GetThreadLocale
GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualFree
VirtualAlloc
ReadProcessMemory

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
SetConsoleMode
GetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW
ReadConsoleW

api-ms-win-core-file-l1-1-0

WriteFile
FindFirstFileExW
CompareFileTime
RemoveDirectoryW
GetFileSize
GetFileAttributesW
GetFileType
GetVolumePathNameW
SetFilePointer
SetFileTime
DeleteFileW
SetEndOfFile
SetFileAttributesW
GetDriveTypeW
CreateDirectoryW
ReadFile
GetVolumeInformationW
GetDiskFreeSpaceExW
CreateFileW
FlushFileBuffers
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileW
FileTimeToLocalFileTime
GetFullPathNameW
SetFilePointerEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentStringsW
SetEnvironmentVariableW
FreeEnvironmentStringsW
SearchPathW
GetCommandLineW
GetStdHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetEnvironmentStringsW

api-ms-win-core-console-l2-1-0

SetConsoleCursorPosition
FlushConsoleInputBuffer
FillConsoleOutputCharacterW
ScrollConsoleScreenBufferW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
FillConsoleOutputAttribute

api-ms-win-security-base-l1-1-0

RevertToSelf
GetFileSecurityW
GetSecurityDescriptorOwner

api-ms-win-core-sysinfo-l1-1-0

SetLocalTime
GetSystemTime
GetSystemTimeAsFileTime
GetVersion
GetLocalTime
GetWindowsDirectoryW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-systemtopology-l1-1-0

GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber

api-ms-win-core-console-l2-2-0

SetConsoleTitleW
GetConsoleTitleW

api-ms-win-core-processenvironment-l1-2-0

NeedCurrentDirectoryForExePathW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
GetFileInformationByHandleEx
MoveFileWithProgressW
MoveFileExW
CreateSymbolicLinkW

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-misc-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd97afec4dc549dcd1fe1dad15035df9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-systemtopology-l1-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-io-l1-1-0

api-ms-win-core-console-l3-2-0

api-ms-win-core-processtopology-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 184KB - Virtual size: 184KB

.data Size: 512B - Virtual size: 109KB

.idata Size: 10KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 84B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 184KB - Virtual size: 184KB

.data
Size: 512B - Virtual size: 109KB

.idata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 84B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 9KB - Virtual size: 9KB