D:\obt-src\HardChargeMge\Client\bin\obtclnt.pdb
Behavioral task behavioral1
Sample: 0b0493360949e88a1c6dbe2c3fb0f2e73147f3cf0ebb5922d6fd900b00fae1e9.exe
Resource: win7-20240729-en

Behavioral task behavioral2
Sample: 0b0493360949e88a1c6dbe2c3fb0f2e73147f3cf0ebb5922d6fd900b00fae1e9.exe
Resource: win10v2004-20240802-en
General
Target: 0b0493360949e88a1c6dbe2c3fb0f2e73147f3cf0ebb5922d6fd900b00fae1e9
Size: 3.4MB
MD5: 98d1469ae4d27d70d0093ad850fdfd6d
SHA1: 1d4135536ce2bbfbda6f25c5e4313fda51ab5b63
SHA256: 0b0493360949e88a1c6dbe2c3fb0f2e73147f3cf0ebb5922d6fd900b00fae1e9
SHA512: 3cdbe708486ae3a6b87c065278f0498b5c20fce0053793ed45da51690ca9e5f55464666adfaab904a94c34c9463df5b4b6e8694cdf720ad9e1eee05b619f8b75
SSDEEP: 49152:q0QJ6FS+l8GO6pcJ5foBQQb93LXemSuZjC1gmmQiINVBokJt3kauEgk0QAOjanZt:W8s+uGObJ5foM1gm9lB5IauEkSCnfz/P
Malware Config
Signatures
- Metasploit family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 0b0493360949e88a1c6dbe2c3fb0f2e73147f3cf0ebb5922d6fd900b00fae1e9
Files
-
0b0493360949e88a1c6dbe2c3fb0f2e73147f3cf0ebb5922d6fd900b00fae1e9.exe windows:5 windows x86 arch:x86
12b28c3ab5780e716a0d926895224c63
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\obt-src\HardChargeMge\Client\bin\obtclnt.pdb
Imports
kernel32
DeviceIoControl
LoadLibraryExA
GlobalAddAtomA
GlobalFindAtomA
MoveFileA
LocalAlloc
GetLogicalDriveStringsW
QueryDosDeviceW
GetOverlappedResult
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
SetSystemTime
GetVersion
GetExitCodeProcess
FlushFileBuffers
SetHandleInformation
CreatePipe
PeekNamedPipe
GetModuleHandleExA
SetCurrentDirectoryA
CreateDirectoryA
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualFreeEx
HeapDestroy
ResetEvent
InitializeCriticalSection
TerminateProcess
Thread32Next
Thread32First
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
SuspendThread
SetThreadContext
GetThreadContext
GetThreadTimes
VirtualProtectEx
SetFileAttributesA
GetSystemDirectoryA
CreateProcessA
OpenFileMappingA
CreateFileMappingA
CreateMutexA
UnmapViewOfFile
MapViewOfFile
WriteFile
SetErrorMode
OpenThread
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
VirtualProtect
QueueUserWorkItem
FindResourceExW
FindResourceW
CreateEventA
GetTickCount
GetCurrentThreadId
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
FindClose
CreateFileW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStdHandle
ExitProcess
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
LoadLibraryExW
RtlUnwind
QueryPerformanceFrequency
GetModuleHandleExW
SetThreadExecutionState
GetFileSizeEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
VerifyVersionInfoA
SetWaitableTimer
CreateWaitableTimerA
CreateEventW
SleepEx
FormatMessageW
FormatMessageA
GetSystemTimeAsFileTime
WaitForMultipleObjects
SetEvent
LeaveCriticalSection
EnterCriticalSection
QueueUserAPC
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
TerminateThread
LocalFree
InterlockedCompareExchange
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
VerSetConditionMask
ReadProcessMemory
CreateFileA
ReadFile
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CopyFileA
DeleteFileA
GetTempFileNameA
GetTempPathA
FindResourceA
GetModuleFileNameA
SizeofResource
LoadResource
LockResource
FreeResource
IsWow64Process
GetVersionExA
GetNativeSystemInfo
CloseHandle
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ResumeThread
WriteProcessMemory
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetLocalTime
DosDateTimeToFileTime
SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
OpenProcess
DuplicateHandle
SetFileTime
SetFilePointer
GetFileType
MulDiv
IsDBCSLeadByte
GetFileSize
GetCurrentDirectoryA
GetACP
SetLastError
GetLastError
RaiseException
DecodePointer
user32
IsWindow
ShowWindow
SetWindowPos
IsWindowVisible
SetFocus
SetTimer
KillTimer
SetActiveWindow
GetForegroundWindow
SwitchToThisWindow
LockSetForegroundWindow
SetPropA
GetPropA
RemovePropA
ShowCursor
WindowFromPoint
GetWindowLongA
SetWindowLongA
MessageBoxA
TranslateMessage
GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
SystemParametersInfoW
LoadImageW
LoadCursorW
OpenInputDesktop
SetCursorPos
CallWindowProcA
RemovePropW
GetPropW
SetPropW
MapVirtualKeyW
IsZoomed
BringWindowToTop
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetMessageTime
PeekMessageW
DispatchMessageW
TrackMouseEvent
InvalidateRgn
CreateAcceleratorTableA
MoveWindow
GetCaretPos
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetMessageExtraInfo
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
GetCaretBlinkTime
ClientToScreen
SetCaretPos
ShowCaret
HideCaret
CreateCaret
GetWindowTextLengthA
SendMessageW
AdjustWindowRectEx
EnableWindow
GetClassInfoExA
AttachThreadInput
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
SwitchDesktop
GetWindowTextA
FindWindowExA
EnumWindows
GetClassNameA
OpenClipboard
GetClientRect
GetSystemMetrics
PostMessageA
GetWindowThreadProcessId
ClipCursor
GetIconInfo
DrawIconEx
InflateRect
GetSysColor
RedrawWindow
EndPaint
BeginPaint
ReleaseDC
GetDC
GetMessageA
UnregisterClassW
SystemParametersInfoA
LoadImageA
DestroyIcon
EnumChildWindows
SetParent
SetMenuDefaultItem
GetMenuItemID
DestroyMenu
LoadMenuA
CreateWindowExA
RegisterClassExA
DefWindowProcA
DrawAnimatedRects
RegisterWindowMessageA
IsIconic
AppendMenuA
CreateMenu
SetMenu
CreateDialogIndirectParamA
DestroyWindow
GetMonitorInfoA
MonitorFromWindow
LoadIconA
LoadCursorA
RegisterClassA
FindWindowA
GetClassLongA
GetCursorPos
SetCursor
GetWindowRect
SetWindowTextA
SetWindowRgn
SetForegroundWindow
TrackPopupMenu
GetSubMenu
GetMenu
SetWindowPlacement
GetWindowPlacement
PostQuitMessage
SendMessageA
UnregisterHotKey
RegisterHotKey
GetAncestor
GetDesktopWindow
keybd_event
PeekMessageA
DispatchMessageA
OffsetRect
UpdateLayeredWindow
GetDlgItem
CharNextA
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetUpdateRect
InvalidateRect
ScreenToClient
MapWindowPoints
IntersectRect
IsRectEmpty
PtInRect
GetParent
GetWindow
CharPrevA
DrawTextA
FillRect
SetRect
gdi32
GetTextColor
SetBitmapBits
CreateDCW
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
GetClipBox
CreatePolygonRgn
GetObjectA
SetTextColor
SetBkMode
SelectObject
PtInRegion
GetStockObject
FrameRgn
FillRgn
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
GetObjectType
CreatePen
Rectangle
RestoreDC
SaveDC
GetTextMetricsA
CreateDIBSection
SetWindowOrgEx
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsA
GetDIBits
GetClipRgn
GetTextExtentPoint32A
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
StretchBlt
SetStretchBltMode
MoveToEx
TextOutA
ExtTextOutA
GdiFlush
CreatePatternBrush
GetBitmapBits
GetPixel
SetPixel
GetDeviceCaps
GetCurrentObject
SwapBuffers
advapi32
OpenSCManagerA
RegOpenKeyExA
RegSetValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegNotifyChangeKeyValue
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegFlushKey
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
QueryServiceStatusEx
ChangeServiceConfigA
ConvertStringSecurityDescriptorToSecurityDescriptorA
StartServiceA
QueryServiceStatus
OpenServiceA
RegCloseKey
ControlService
CloseServiceHandle
GetUserNameA
LookupPrivilegeValueA
LookupAccountSidA
FreeSid
AllocateAndInitializeSid
shell32
Shell_NotifyIconA
SHAppBarMessage
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
ShellExecuteA
ole32
CreateStreamOnHGlobal
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
OleSetContainedObject
OleLockRunning
OleUninitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
OleInitialize
oleaut32
VariantClear
SysFreeString
SysAllocString
GetErrorInfo
shlwapi
PathFileExistsA
StrCmpNIA
wnsprintfA
PathRemoveFileSpecA
StrStrIA
gdiplus
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromResource
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipGetImageGraphicsContext
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawImageRectI
GdipDrawImage
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateLineBrushI
dbghelp
MiniDumpWriteDump
ws2_32
accept
__WSAFDIsSet
bind
closesocket
connect
ioctlsocket
getsockname
getsockopt
htonl
listen
select
setsockopt
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASocketW
getaddrinfo
freeaddrinfo
getnameinfo
gethostname
gethostbyname
socket
shutdown
sendto
send
recvfrom
recv
ntohs
getpeername
inet_addr
inet_ntoa
iphlpapi
SendARP
GetAdaptersInfo
imm32
ImmDisableIME
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
wtsapi32
WTSEnumerateProcessesA
WTSFreeMemory
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiChangeState
SetupDiGetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
d3d9
Direct3DCreate9
comctl32
_TrackMouseEvent
ImageList_LoadImageA
ImageList_GetIcon
ord17
winmm
timeGetTime
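Reading the import table above as clusters rather than as single APIs is what turns it into evidence: kernel32 carries CreateProcessA, VirtualAllocEx, WriteProcessMemory, GetThreadContext, SetThreadContext and ResumeThread together (the classic hollowing primitives), user32 carries OpenInputDesktop/SetThreadDesktop/SwitchDesktop and RegisterRawInputDevices/GetRawInputData, gdi32 carries the BitBlt/GetDIBits screen-grab set, advapi32 carries both the service-control and the token-privilege sets, and ws2_32 has a full listen/accept server side. An import only says what the binary can call, not what it does. The following is an added example (my code, not the sandbox's or the sample author's): it encodes such clusters as all-of rules so that a widespread API such as LoadLibraryA never fires on its own, runs them over a subset of this report's import table transcribed inline, and over a constructed benign GUI-only table for contrast. The rule labels and groupings are my own choice, not the sandbox's signature names.

```python
"""Added example: capability triage over an import table with all-of
co-occurrence rules instead of single-API lookups."""

# A rule fires only if EVERY API in its set is imported. Labels and
# groupings are the author's own (this example), not sandbox signature names.
CAPABILITY_RULES = {
    "process hollowing primitives": {
        "CreateProcessA", "VirtualAllocEx", "WriteProcessMemory",
        "GetThreadContext", "SetThreadContext", "ResumeThread"},
    "remote memory read/write": {"OpenProcess", "ReadProcessMemory", "WriteProcessMemory"},
    "thread APC injection": {"OpenThread", "QueueUserAPC"},
    "desktop switching": {"OpenInputDesktop", "SetThreadDesktop", "SwitchDesktop"},
    "raw input capture": {"RegisterRawInputDevices", "GetRawInputData"},
    "clipboard read/write": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "screen capture": {"GetDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"},
    "service reconfiguration": {"OpenSCManagerA", "OpenServiceA",
                                "ChangeServiceConfigA", "StartServiceA"},
    "token privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueA",
                                   "AdjustTokenPrivileges"},
    "process/thread enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Thread32First"},
    "socket server": {"WSAStartup", "socket", "bind", "listen", "accept"},
    "device enable/disable": {"SetupDiChangeState", "SetupDiSetClassInstallParamsA"},
}

# Constructed subset of this report's import table (DLL -> APIs); the real
# table is much longer, this is just enough to exercise every rule.
SAMPLE_IMPORTS = {
    "kernel32": ["CreateProcessA", "VirtualAllocEx", "WriteProcessMemory",
                 "ReadProcessMemory", "GetThreadContext", "SetThreadContext",
                 "ResumeThread", "SuspendThread", "OpenProcess", "OpenThread",
                 "QueueUserAPC", "CreateToolhelp32Snapshot", "Process32First",
                 "Thread32First", "LoadLibraryA", "GetProcAddress"],
    "user32": ["OpenInputDesktop", "SetThreadDesktop", "SwitchDesktop",
               "RegisterRawInputDevices", "GetRawInputData", "OpenClipboard",
               "GetClipboardData", "SetClipboardData", "GetDC", "keybd_event"],
    "gdi32": ["CreateCompatibleBitmap", "BitBlt", "GetDIBits"],
    "advapi32": ["OpenSCManagerA", "OpenServiceA", "ChangeServiceConfigA",
                 "StartServiceA", "OpenProcessToken", "LookupPrivilegeValueA",
                 "AdjustTokenPrivileges"],
    "ws2_32": ["WSAStartup", "socket", "bind", "listen", "accept", "connect"],
    "setupapi": ["SetupDiChangeState", "SetupDiSetClassInstallParamsA"],
}

# Constructed contrast case: an ordinary GUI program that loads libraries,
# spawns a child and reads the clipboard, but has no injection primitives.
BENIGN_IMPORTS = {
    "kernel32": ["CreateFileA", "ReadFile", "LoadLibraryA", "GetProcAddress", "CreateProcessA"],
    "user32": ["CreateWindowExW", "OpenClipboard", "GetClipboardData", "CloseClipboard", "GetDC"],
    "gdi32": ["BitBlt", "CreateCompatibleBitmap"],
}


def flatten(imports):
    """Set of all imported API names, DLL boundaries ignored on purpose."""
    return {api for apis in imports.values() for api in apis}


def match_capabilities(imports, rules=CAPABILITY_RULES):
    """{label: sorted APIs} for every rule whose whole set is imported."""
    present = flatten(imports)
    return {label: sorted(apis) for label, apis in rules.items() if apis <= present}


def near_misses(imports, rules=CAPABILITY_RULES, min_fraction=0.75):
    """Rules that are mostly but not fully satisfied, with the missing APIs.
    Worth checking because a binary that imports GetProcAddress can resolve
    the last primitive at runtime without it ever appearing in the table."""
    present = flatten(imports)
    out = {}
    for label, apis in rules.items():
        have = apis & present
        if have != apis and len(have) / len(apis) >= min_fraction:
            out[label] = sorted(apis - present)
    return out


if __name__ == "__main__":
    for label, apis in match_capabilities(SAMPLE_IMPORTS).items():
        print(f"[{label}] {', '.join(apis)}")
    print("sample near misses:", near_misses(SAMPLE_IMPORTS))
    print("benign hits:", match_capabilities(BENIGN_IMPORTS))
    print("benign near misses:", near_misses(BENIGN_IMPORTS))
```

The benign table hits nothing, but `near_misses` reports screen capture as three of four APIs present (GetDIBits missing), which is the kind of partial match to follow up in the disassembly rather than dismiss.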
Sections
.text   Size: 1.8MB  Virtual size: 1.8MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 563KB  Virtual size: 563KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 21KB   Virtual size: 571KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls    Size: 512B   Virtual size: 41B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.gfids  Size: 2KB    Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
_RDATA  Size: 512B   Virtual size: 32B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 1.0MB  Virtual size: 2.1MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
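Three things in the headers and section table deserve a second look. The .rsrc section is flagged CNT_CODE, MEM_EXECUTE and MEM_WRITE and its virtual size (2.1MB) is about double its raw size (1.0MB), so a resource section is mapped read-write-execute with a large zero-filled tail; the same virtual-over-raw gap on .data is ordinary (zero-initialised globals) and is not a signal by itself. The DLL characteristics have NX_COMPAT but no DYNAMIC_BASE, and the file characteristics have RELOCS_STRIPPED, so the image runs with DEP but cannot be rebased and gets no ASLR. The "Unsigned PE" signature corresponds to an empty IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table) entry. The following is an added example, not part of the report or of the sandbox's own code: a standard-library-only Python parser that reads exactly those fields from a PE32 image and derives the same findings. Its input is a constructed minimal PE32 header that mirrors this report's flags and its four largest sections with rounded sizes; it is not the real sample's bytes, and it only handles PE32 (PE32+ shifts the optional-header offsets).

```python
"""Added example: derive the report's Headers, Sections and 'Unsigned PE'
findings from raw PE32 bytes using only the standard library."""
import struct

# IMAGE_FILE_HEADER.Characteristics
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
# IMAGE_OPTIONAL_HEADER.DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
# IMAGE_SECTION_HEADER.Characteristics
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def parse_pe32(data):
    """Parse DOS, COFF and optional headers plus the section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (_machine, nsections, _ts, _symptr, _nsyms,
     opt_size, file_chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled; PE32+ shifts the offsets below")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_rva = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:  # data directories start at +96, 8 bytes each
        sec_rva, sec_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):  # 40-byte IMAGE_SECTION_HEADER entries
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rawsize = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "vsize": vsize, "rawsize": rawsize, "chars": chars})
    return {"file_chars": file_chars, "dll_chars": dll_chars,
            "security_dir": (sec_rva, sec_size), "sections": sections}


def triage(pe):
    """Turn the parsed headers into the findings a sandbox report states."""
    findings = []
    if pe["security_dir"][1] == 0:
        findings.append("unsigned PE: security data directory is empty")
    if not pe["dll_chars"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        detail = ("relocations stripped, image cannot be rebased"
                  if pe["file_chars"] & IMAGE_FILE_RELOCS_STRIPPED else "DYNAMIC_BASE clear")
        findings.append(f"no ASLR: {detail}")
    if not pe["dll_chars"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("no DEP: NX_COMPAT clear")
    for s in pe["sections"]:
        writable = bool(s["chars"] & IMAGE_SCN_MEM_WRITE)
        executable = bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)
        if writable and executable:
            findings.append(f"RWX section {s['name']}")
        # vsize > rawsize is normal for .data (zero-filled globals); it only
        # matters when the zero-filled region is executable.
        if executable and s["vsize"] > s["rawsize"]:
            findings.append(f"executable section {s['name']} grows at load "
                            f"({s['vsize']} virtual > {s['rawsize']} raw)")
    return findings


def build_sample():
    """Constructed PE32 header mirroring this report's flags and its four
    largest sections (sizes rounded); NOT the real sample's bytes."""
    sections = [
        (b".text", 0x1C8000, 0x1C8000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".rdata", 0x8CC00, 0x8CC00, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b".data", 0x8EC00, 0x5400, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".rsrc", 0x219000, 0x100000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA
         | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224,
                       IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(224)  # PE32 optional header with 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70,
                     IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
    struct.pack_into("<I", opt, 92, 16)  # directories left zero: no certificate table
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, chars)
                     for name, vsize, rawsize, chars in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for line in triage(parse_pe32(build_sample())):
        print(line)
```

Run against a real file with `triage(parse_pe32(open(path, "rb").read()))`. Note that an empty certificate table only means the file carries no embedded Authenticode signature; a catalog-signed binary also shows an empty directory, so a production check should fall back to a WinVerifyTrust or catalog lookup before calling a file unsigned.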