metasploit | d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN

Sharing

Copy URL Twitter E-mail

General

Target

d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN
Size

4.6MB
MD5

001d51767401c030ab2d4620a7d2a570
SHA1

b9274337f7bf42056664efdd2c9d32d68baa7a7c
SHA256

d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391d
SHA512

d80c8a36e3d3931609535973e2a22639340b3b0957a41aa48698a6af6a33de1c16f96087ad93bfa524cedf6a128210d20c06f4939524fa5096965853509aac44
SSDEEP

3072:xYVlF22d/HAMt0WSt+/x3y6dykvOCVwOU3R4KyslRzXtDm+t6V:ydd/HAMt0Lt8xuQV1UBXy+zXtDmU6

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN

Files

d520d628a5e3f224f182deda39666e59088861e5bff30e83efaf8317b086391dN
.exe windows:4 windows x86 arch:x86

8d9d40d3d77db20689b4f35ab163abfd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetCurrentProcess
GetVersionExA
TerminateThread
TransactNamedPipe
CreateFileA
CopyFileA
lstrlenA
WriteFile
SetFileAttributesA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleHandleA
GetComputerNameA
IsDebuggerPresent
lstrcpyA
GetTempPathA
WaitForSingleObject
DeleteCriticalSection
QueryPerformanceCounter
ExitProcess
CreateProcessA
ReleaseMutex
DeleteFileA
CreateMutexA
GlobalMemoryStatusEx
GetTimeFormatA
GetDateFormatA
GetSystemDirectoryA
GetLocaleInfoA
ReadProcessMemory
OpenProcess
Module32Next
TerminateProcess
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetCurrentThread
LocalAlloc
GetFileAttributesA
SetFileTime
GetFileTime
GetWindowsDirectoryA
SetEnvironmentVariableA
CompareStringW
InitializeCriticalSectionAndSpinCount
GetLastError
ExitThread
lstrcmpiA
GetModuleFileNameA
CreateThread
MultiByteToWideChar
Sleep
QueryPerformanceFrequency
GetTickCount
CompareStringA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetExitCodeProcess
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
InitializeCriticalSection
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
RaiseException
HeapSize
GetCPInfo

user32

CharLowerA
wsprintfA

advapi32

RegSetValueExA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

gethostname
setsockopt
gethostbyname
ioctlsocket
sendto
WSASocketA
closesocket
inet_addr
htons
connect
send
recv
htonl
ntohs
WSAStartup
socket

iphlpapi

GetUdpTable

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

8d9d40d3d77db20689b4f35ab163abfd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rsrc
Size: 12KB - Virtual size: 12KB