metasploit | cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3

Sharing

Copy URL

Twitter E-mail

General

Target

cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3
Size

44KB
MD5

ab14eebbddde508667b1b1e9b7f1986a
SHA1

94a85c921f06f92434d0ec1afe255f614ae4e2c0
SHA256

cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3
SHA512

765210301c019a89a14502e233cc88b10627cfed08b6f2ada0a5a8c57f8cb3c37662ad11e1f191ad5ab0267799b116afc1d2852cdf48c9097cff763274011ee8
SSDEEP

768:BmvsorugsJ69x5XtVufVnRjpn1eg3Sl50ltc5060:BMrugO69LXudRjpn1250c5060

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://134.175.219.23:7777/uNVC

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3

Files

cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3
.dll windows:6 windows x64 arch:x64

56aca6a76e9d8744847e478a105aa5ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python38

_Py_FalseStruct
PyModule_NewObject
PyMethod_Type
_Py_Dealloc
PyTuple_GetItem
PyImport_GetModuleDict
PyModule_GetDict
PyObject_Free
PyErr_ExceptionMatches
PyObject_GC_Del
PyObject_ClearWeakRefs
PyObject_Not
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyList_New
PyImport_AddModule
PyType_Ready
PyObject_GetAttrString
PyErr_Clear
PyUnicode_Decode
PyErr_Format
PyDict_SetItem
PyDict_New
_PyDict_GetItem_KnownHash
PyDict_GetItemString
PyModuleDef_Init
PyObject_GC_Track
PyBytes_FromStringAndSize
PyExc_TypeError
PyMem_Realloc
PyExc_NameError
PyTuple_Pack
PyMem_Malloc
PyExc_ImportError
_Py_TrueStruct
PyExc_SystemError
_PyObject_GC_New
PyEval_EvalFrameEx
PyUnicode_FromString
PyObject_Call
PyUnicode_FromStringAndSize
_PyObject_GetDictPtr
_Py_CheckRecursiveCall
PyEval_EvalCodeEx
PyErr_SetString
PyNumber_Multiply
PyTuple_GetSlice
PyExc_AttributeError
PyFrame_Type
PyDict_Size
PyDict_SetItemString
PyLong_FromString
PyTuple_New
_Py_NoneStruct
PyObject_GetAttr
Py_GetVersion
PyInterpreterState_GetID
PyObject_Hash
PyObject_GC_UnTrack
PyLong_FromLong
PyObject_SetAttrString
PyMethod_New
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyTraceBack_Here
PyLong_FromSsize_t
PyErr_Occurred
PyImport_ImportModuleLevelObject
PyFrame_New
PyFunction_Type
PyErr_WarnEx
PyCode_NewEmpty
_Py_CheckRecursionLimit
PyThreadState_Get
PyOS_snprintf
PyCFunction_Type
PyUnicode_InternFromString
PyCode_New
PyObject_SetAttr

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset
strchr

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

Exports

Exports

PyInit_execute

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

56aca6a76e9d8744847e478a105aa5ee

Headers

DLL Characteristics

File Characteristics

Imports

python38

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 1024B - Virtual size: 1008B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 312B

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 312B