metasploit | 14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175

Sharing

Copy URL

Twitter E-mail

General

Target

14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175
Size

1.2MB
MD5

d2bbd199868de5ca06e93ecdc8e14ff3
SHA1

d7335736dab4c77dec298153ff879f435b1afbd8
SHA256

14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175
SHA512

a1b9b3a4fd90327e3fa66f7eda279b2bc8ff16fad699750d04b5beffec67cbf82d53753d33026262e7ed1848e74fcef0c990438a196d1413a4eae10261d67816
SSDEEP

24576:v2zijmhY7UcwPwxbFNbnMH3TOBXYYTe/ypvE/WsjzZEv5dRaseJ8:v2zhcwoxbFN7y3UEKpEKv5dRasem

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175

Files

14845a0ffcdb24e4a30bbb64a51400e1dfbcbd67c78399da5a56242f9dc7b175
.dll windows:5 windows x64 arch:x64

aefe7b5f581e629abc27fe21b1076848

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\proj\m\bi\contrib-2.1.0\ports\win32\msvc\bin\x64\Release\myrup_test.pdb

Imports

kernel32

SetLastError
GetCurrentProcess
LoadLibraryA
ResumeThread
GetCurrentThreadId
OutputDebugStringA
CreateEventA
SetEvent
GetConsoleCP
GetTickCount
CreatePipe
GetStartupInfoA
SetConsoleOutputCP
CreateProcessA
PeekNamedPipe
ReadFile
WriteFile
GetLastError
TerminateProcess
HeapFree
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
ExitProcess
GetProcessHeap
SizeofResource
Process32First
FindFirstFileA
FindNextFileA
SetFilePointer
GetProcAddress
FindClose
OpenProcess
CreateToolhelp32Snapshot
GetFileAttributesA
CreateFileA
LockResource
DeleteFileA
Process32Next
LoadResource
SetFileAttributesA
WTSGetActiveConsoleSessionId
GetFileSize
LocalFree
CreateMutexW
SetErrorMode
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceFrequency
CreateSemaphoreA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WaitForSingleObject
CreateThread
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
ExitThread
OpenThread
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetCurrentProcessId
FindResourceA
Sleep
FlushFileBuffers
GetStringTypeW
LCMapStringW
ReadConsoleW
SetFilePointerEx
GetFileType
GetStdHandle
GetACP
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CreateEventW
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
EncodePointer
TlsAlloc

advapi32

CryptAcquireContextA
CryptGenRandom
OpenProcessToken
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoCreateGuid

shlwapi

PathFileExistsA

fwpuclnt

FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmTransactionCommit0
FwpmFilterCreateEnumHandle0
FwpmEngineOpen0
FwpmTransactionBegin0
FwpmFilterEnum0
FwpmFilterDestroyEnumHandle0
FwpmEngineClose0
FwpmFilterDeleteByKey0
FwpmFreeMemory0
FwpmFilterAdd0

iphlpapi

GetAdaptersAddresses

userenv

GetUserProfileDirectoryA

ws2_32

inet_ntoa
inet_addr
ntohs
ntohl
WSAStartup
inet_ntop

Exports

Exports

ServiceMain
Test

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 506KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

aefe7b5f581e629abc27fe21b1076848

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

shlwapi

fwpuclnt

iphlpapi

userenv

ws2_32

Exports

Exports

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 506KB - Virtual size: 526KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 360KB - Virtual size: 360KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 506KB - Virtual size: 526KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 360KB - Virtual size: 360KB

.reloc
Size: 2KB - Virtual size: 1KB