metasploit | e04df6cb2a9616157fb73d7d2af77fd0N[.]exe

General

Target

e04df6cb2a9616157fb73d7d2af77fd0N.exe
Size

291KB
MD5

e04df6cb2a9616157fb73d7d2af77fd0
SHA1

ca45245dbc0ddd20e7451fd29d1b7d0ac841aa69
SHA256

7d29cf71fe7d030ed1476478d3bdd52595f782c1b9c88bb50b361927f19bd3dc
SHA512

647d51799ec9fb4865f27b37799af8aef6b4cb21bb3451dda91d07408863ee2a52357aa3c0c521f1f465455ff11dfa9c38ca850d1bc9e8c53b4ccf2635f534ee
SSDEEP

6144:RVtEJ2SJViuBQIJshK7OtPRM6NwExpEPerjMddf1Gga32qKL/UrTk:RDS2S6uBQK7Oo2dxpE53f1bVLcr

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_nonx_tcp

C2

67.212.67.74:20688

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e04df6cb2a9616157fb73d7d2af77fd0N.exe

Files

e04df6cb2a9616157fb73d7d2af77fd0N.exe
.dll windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Exports

Exports

Initialize

Sections

.text
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

54qlyd1m
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qyirwjij
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hbg.grk0
Size: 250KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

05nbiq4k
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 204KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: - Virtual size: 204KB

.rsrc Size: 4KB - Virtual size: 4KB

54qlyd1m Size: - Virtual size: 16KB

qyirwjij Size: - Virtual size: 128KB

hbg.grk0 Size: 250KB - Virtual size: 252KB

05nbiq4k Size: 4KB - Virtual size: 4KB

.text
Size: - Virtual size: 204KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: - Virtual size: 204KB

.rsrc
Size: 4KB - Virtual size: 4KB

54qlyd1m
Size: - Virtual size: 16KB

qyirwjij
Size: - Virtual size: 128KB

hbg.grk0
Size: 250KB - Virtual size: 252KB

05nbiq4k
Size: 4KB - Virtual size: 4KB