C:\Users\user\source\repos\ShellCode_Loader\x64\Debug\test.pdb
Behavioral task
behavioral1
Sample
1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe
Resource
win10v2004-20240802-en
General
-
Target
1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992
-
Size
274KB
-
MD5
76aa650928178afd3cfeabc23b8b4074
-
SHA1
c08297db120619ddcbaa3edc994f733c13ea5b85
-
SHA256
1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992
-
SHA512
2a9233800ca1996c4ad2084ca59eb65ad0231e19e028d8c5d65ea99dd99d67d13ee6d91b3a5b67427a3c200cb269fcd5c939d72787f1bad89ed7af6bddf5a89f
-
SSDEEP
3072:UYRo4BWQ+bJ55IUpzqm1r8J+g2RJY9bC+KRZE6JNlhbxW9u3:UYAJ55IUpORx2LxtE6VhbxWk
Malware Config
Extracted
metasploit
metasploit_stager
192.168.110.138:8080
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992
Files
-
1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe windows:6 windows x64 arch:x64
56789fbc688a2da3338891407f0624aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetEnvironmentVariableA
GetLastError
Process32NextW
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetCurrentThreadId
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
TerminateProcess
vcruntime140
__C_specific_handler
__C_specific_handler_noexcept
__std_type_info_destroy_list
__current_exception
__current_exception_context
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
memcpy
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
_set_fmode
getchar
__stdio_common_vsprintf
__p__commode
__stdio_common_vsprintf_s
__stdio_common_vfprintf
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_seh_filter_exe
_exit
_crt_at_quick_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
terminate
_execute_onexit_table
_set_app_type
exit
_register_onexit_function
_seh_filter_dll
_initialize_onexit_table
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
api-ms-win-crt-string-l1-1-0
strcpy_s
strcat_s
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 119KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 373B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ