metasploit | aff40546b476774d08354d07c0c14020N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

aff40546b476774d08354d07c0c14020N.exe
Size

2.8MB
MD5

aff40546b476774d08354d07c0c14020
SHA1

7fb0c1c104d14f994fd5303b6647dd2a5b338837
SHA256

924d576fd328c4eb366669200b5690e10e3e4a17024efd95f9d0a69b496002d1
SHA512

4250056ad13e204032d5ee92d5c22b8509643d4992b6904db5e4c2c1d94b5ed4839efe2b7a7d1875b033bb2657167e5a1947d9bf2f87a50b06ebeead1adb36af
SSDEEP

49152:o9vgPi4Lp+1+zV9c9S7J5/iR7B/3blLYSNVMaxY3Y9fkHu+VHqIHN:WbCpEYV9uSF5/mt/Ll5xY3gkHu+VHXH

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

10.41.0.106:5994

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aff40546b476774d08354d07c0c14020N.exe

Files

aff40546b476774d08354d07c0c14020N.exe
.exe windows:4 windows x86 arch:x86

7aa42d7ecf92290b63998ca980d66549

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
LocalAlloc
LocalReAlloc
LocalFree
GetCurrentProcessId
LoadResource
LockResource
SizeofResource
FindResourceW
WideCharToMultiByte
GlobalSize
MulDiv
FormatMessageW
CopyFileW
MultiByteToWideChar
SetEvent
CreateEventW
GetCurrentThreadId
SetThreadPriority
ResumeThread
CompareStringW
lstrcmpA
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
EncodePointer
GetSystemDirectoryW
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
GlobalFlags
GetVersionExW
GetLocaleInfoW
VirtualProtect
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
SystemTimeToTzSpecificLocalTime
SetErrorMode
lstrcpyW
GetPrivateProfileIntW
GetCurrentDirectoryW
FindResourceExW
GetWindowsDirectoryW
GetTickCount
GetProfileIntW
GlobalAlloc
GetTempFileNameW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCommandLineW
MoveFileExW
ExitProcess
CreateProcessW
FindNextFileW
CreateMutexW
GetExitCodeProcess
CreateDirectoryW
GetLongPathNameW
RemoveDirectoryW
OpenProcess
GetDiskFreeSpaceExW
GetUserGeoID
ReadProcessMemory
QueryFullProcessImageNameW
GetSystemTime
SetFilePointerEx
QueueUserWorkItem
DeviceIoControl
InitializeCriticalSectionEx
ExpandEnvironmentStringsW
GetComputerNameW
IsBadReadPtr
IsBadWritePtr
OutputDebugStringW
GetEnvironmentVariableW
ResetEvent
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
OutputDebugStringA
SetLastError
GetLastError
LoadLibraryExW
VerifyVersionInfoW
FreeLibrary
VerSetConditionMask
GetProcAddress
LoadLibraryW
GetNativeSystemInfo
WaitForSingleObject
GetTempPathW
GetUserDefaultUILanguage
lstrlenW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualAlloc
GetCommandLineA
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
LoadLibraryExA
VirtualQuery
CreateThread
CloseHandle
SearchPathW
Sleep
GetSystemInfo
WaitForSingleObjectEx

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

OpenProcessToken
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
GetUserNameW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
AllocateAndInitializeSid
GetSidSubAuthority
RegGetValueW
FreeSid
CheckTokenMembership
GetTokenInformation
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdipDrawImageI
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageGraphicsContext

msimg32

TransparentBlt
AlphaBlend

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

oledlg

OleUIBusyW

rpcrt4

UuidToStringW
RpcStringFreeW

uxtheme

GetCurrentThemeName
CloseThemeData
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetThemePartSize
OpenThemeData
DrawThemeParentBackground
DrawThemeText
GetThemeSysColor
DrawThemeBackground
GetWindowTheme

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data_1
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

7aa42d7ecf92290b63998ca980d66549

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

advapi32

gdiplus

msimg32

oleacc

imm32

winmm

oledlg

rpcrt4

uxtheme

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 447KB - Virtual size: 447KB

.data Size: 33KB - Virtual size: 56KB

.data_1 Size: 512B - Virtual size: 28B

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 161KB - Virtual size: 161KB

.text Size: 1024B - Virtual size: 540B

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 161KB - Virtual size: 161KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 447KB - Virtual size: 447KB

.data
Size: 33KB - Virtual size: 56KB

.data_1
Size: 512B - Virtual size: 28B

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 161KB - Virtual size: 161KB

.text
Size: 1024B - Virtual size: 540B

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 161KB - Virtual size: 161KB