metasploit | 359d8900338721503e21e2ed85abd020N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

359d8900338721503e21e2ed85abd020N.exe
Size

250KB
MD5

359d8900338721503e21e2ed85abd020
SHA1

ab6c027b3669ff34958dad3a55dd11a173db70a8
SHA256

c9908ca1cfaa82c1e2fb2f4f726fee6dae6760e827b0a9807457b3a69fc2c9df
SHA512

5601df390663801cc466fb856f00d8fa2f0ca98833b2ff373f11c7dc929c5608b7ad70c3e1076e82c5118de356d9b2d0d499fa9e0f6546d7720888ddfb7b5968
SSDEEP

3072:DPrH1kXYP/Ellg/HLyt+1yzzk0BGqtDpsd1kwvFpuobFGoY46ehlb53yWlAVb0aq:Dr4oMll4a+4zzk0rpscoh5gBR0

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://154.204.60.102:81/jquery-3.3.1.min.js

Attributes

headers Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: freehish.xyz Referer: http://www.baidu.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
359d8900338721503e21e2ed85abd020N.exe

Files

359d8900338721503e21e2ed85abd020N.exe
.dll regsvr32 windows:6 windows x64 arch:x64

1bdab6dd6453168e7ec4d256eb27cb47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Process32First
WriteProcessMemory
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
CreateThread
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
IsWow64Process
WriteConsoleW
CreateFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
RtlUnwind

user32

MessageBoxA

Exports

Exports

AreThereVisibleLogoffScripts
AreThereVisibleShutdownScripts
CreateAppContainerProfile
CreateEnvironmentBlock
CreateProfile
DeleteAppContainerProfile
DeleteProfileA
DeleteProfileW
DeriveAppContainerSidFromAppContainerName
DeriveRestrictedAppContainerSidFromAppContainerSidAndRestrictedName
DestroyEnvironmentBlock
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserA
ExpandEnvironmentStringsForUserW
ForceSyncFgPolicy
FreeGPOListA
FreeGPOListW
GenerateGPNotification
GetAllUsersProfileDirectoryA
GetAllUsersProfileDirectoryW
GetAppContainerFolderPath
GetAppContainerRegistryLocation
GetAppliedGPOListA
GetAppliedGPOListW
GetDefaultUserProfileDirectoryA
GetDefaultUserProfileDirectoryW
GetGPOListA
GetGPOListW
GetNextFgPolicyRefreshInfo
GetPreviousFgPolicyRefreshInfo
GetProfileType
GetProfilesDirectoryA
GetProfilesDirectoryW
GetUserProfileDirectoryA
GetUserProfileDirectoryW
HasPolicyForegroundProcessingCompleted
LeaveCriticalPolicySection
LoadProfileExtender
LoadUserProfileA
LoadUserProfileW
ProcessGroupPolicyCompleted
ProcessGroupPolicyCompletedEx
RefreshPolicy
RefreshPolicyEx
RegisterGPNotification
RsopAccessCheckByType
RsopFileAccessCheck
RsopLoggingEnabled
RsopResetPolicySettingStatus
RsopSetPolicySettingStatus
UnloadProfileExtender
UnloadUserProfile
UnregisterGPNotification
WaitForMachinePolicyForegroundProcessing
WaitForUserPolicyForegroundProcessing
dontmatter

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1bdab6dd6453168e7ec4d256eb27cb47

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 146KB

.rdata Size: 85KB - Virtual size: 84KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 3KB