metasploit | 4f1424363403e3cd599547f7381b38a0N[.]exe

General

Target

4f1424363403e3cd599547f7381b38a0N.exe
Size

291KB
MD5

4f1424363403e3cd599547f7381b38a0
SHA1

6ff2a8b806da95d0ceae0cd9654f0af9fba41b10
SHA256

eabe41fd5f8de1963e85cedd330a8d2f9380687bd81369f1cb1c58aa333c56fc
SHA512

6b850f072205af651265d6ab7f1642f1d11cd060d731a6ee8798fa43d4b3b60f424cd7b2878c4331b4d1180635f418f51a036e91ba667fe3f931c5eebbe85fca
SSDEEP

6144:9VtEJ2SJViuBQIJshK7OtPRM6NwExpEPerjMddf1Gga32qKL/UrTk:9DS2S6uBQK7Oo2dxpE53f1bVLcr

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_nonx_tcp

C2

67.212.67.74:20688

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f1424363403e3cd599547f7381b38a0N.exe

Files

4f1424363403e3cd599547f7381b38a0N.exe
.dll windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Exports

Exports

Initialize

Sections

.text
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

54qlyd1m
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qyirwjij
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hbg.grk0
Size: 250KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

05nbiq4k
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 204KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: - Virtual size: 204KB

.rsrc Size: 4KB - Virtual size: 4KB

54qlyd1m Size: - Virtual size: 16KB

qyirwjij Size: - Virtual size: 128KB

hbg.grk0 Size: 250KB - Virtual size: 252KB

05nbiq4k Size: 4KB - Virtual size: 4KB

.text
Size: - Virtual size: 204KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: - Virtual size: 204KB

.rsrc
Size: 4KB - Virtual size: 4KB

54qlyd1m
Size: - Virtual size: 16KB

qyirwjij
Size: - Virtual size: 128KB

hbg.grk0
Size: 250KB - Virtual size: 252KB

05nbiq4k
Size: 4KB - Virtual size: 4KB