metasploit | 9e17f134358ec7378e7e7f1bce3d48ebe42997cd24b3d427e7a32fc0e3aa6c41

Sharing

Copy URL Twitter E-mail

General

Target

9e17f134358ec7378e7e7f1bce3d48ebe42997cd24b3d427e7a32fc0e3aa6c41
Size

149KB
MD5

d4684b4ee8c810d1fe865a07a90b9838
SHA1

bb352a42dfc250e8a0f2fcf787dbc7dcd0f655f8
SHA256

9e17f134358ec7378e7e7f1bce3d48ebe42997cd24b3d427e7a32fc0e3aa6c41
SHA512

df3d45960d2a9112aa5a1740e14610f3b398f369f87492409cce0528ac91ee4368135e44c0c0330b88f4ddd4a310bb5517cdbfea3d21cf2e332d3c13378537cd
SSDEEP

3072:wlcXBJrN0mSsT3JR2Qh7JvkIdxUopL+X4/UVPtPLMdSSzl+I7/tG3JlR1:PXBJrNl3Jx7OKQX4/Urzmpl+lF1

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

154.194.164.188:7777

Signatures

Metasploit family
metasploit

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c.log
unpack001/e.exe

Files

9e17f134358ec7378e7e7f1bce3d48ebe42997cd24b3d427e7a32fc0e3aa6c41
.rar
c.log
.exe windows:5 windows x86 arch:x86

dbe5febb7a19ba19945a8e8ba6534abf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmd.pdb

Imports

kernel32

FlushConsoleInputBuffer
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalAlloc
GetVDMCurrentDirectories
CmdBatNotification
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetThreadLocale
GetDiskFreeSpaceExW
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
CopyFileW
SetFileAttributesW
DeleteFileW
SetFileTime
CreateDirectoryW
FillConsoleOutputAttribute
SetConsoleTextAttribute
ScrollConsoleScreenBufferW
FormatMessageW
DuplicateHandle
FlushFileBuffers
HeapReAlloc
HeapSize
GetFileAttributesExW
LocalFree
GetDriveTypeW
InitializeCriticalSection
SetConsoleCtrlHandler
GetWindowsDirectoryW
GetConsoleTitleW
GetModuleFileNameW
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
SearchPathW
WriteFile
GetVolumeInformationW
SetLastError
MoveFileW
SetConsoleTitleW
MoveFileExW
GetBinaryTypeW
GetFileAttributesW
GetCurrentThreadId
CreateProcessW
LoadLibraryW
ReadProcessMemory
SetErrorMode
GetConsoleMode
SetConsoleMode
VirtualAlloc
VirtualFree
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCommandLineW
GetEnvironmentStringsW
GetLocalTime
GetTimeFormatW
FileTimeToLocalFileTime
GetDateFormatW
GetLastError
CloseHandle
SetThreadLocale
GetProcAddress
GetModuleHandleW
SetFilePointer
lstrcmpW
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
ReadFile
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ReadConsoleW
GetConsoleScreenBufferInfo
GetStdHandle
GetFileType
VirtualQuery
RaiseException
GetCPInfo
GetConsoleOutputCP
WideCharToMultiByte
GetFileSize
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetUserDefaultLCID
GetLocaleInfoW
SetLocalTime
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
calloc
_wcslwr
qsort
_vsnwprintf
wcsstr
_dup2
_dup
_open_osfhandle
_close
swscanf
_ultoa
_pipe
_seh_longjmp_unwind
_setmode
wcsncmp
iswxdigit
fflush
exit
_wtol
time
srand
__set_app_type
wcsrchr
malloc
free
wcstoul
_errno
iswalpha
printf
rand
swprintf
_iob
fprintf
towlower
realloc
setlocale
_snwprintf
wcscat
_wcsupr
wcsncpy
_wpopen
fgets
_pclose
memmove
wcschr
iswspace
_tell
longjmp
wcscmp
_wcsnicmp
_wcsicmp
wcstol
iswdigit
_getch
_get_osfhandle
_controlfp
_setjmp3
_except_handler3
wcscpy
wcslen
wcsspn
towupper

user32

GetUserObjectInformationW
GetThreadDesktop
MessageBeep
GetProcessWindowStation

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e.exe
.exe windows:4 windows x86 arch:x86

481f47bbb2c9c21e108d65f52b04c448

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_iob
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
strrchr
wcsncmp
_close
wcslen
wcscpy
strerror
modf
strspn
realloc
__p__environ
__p__wenviron
_errno
free
strncmp
strstr
strncpy
_ftol
qsort
fopen
perror
fclose
fflush
calloc
malloc
signal
printf
_isctype
atoi
exit
__mb_cur_max
_pctype
strchr
fprintf
_controlfp
_strdup
_strnicmp

kernel32

PeekNamedPipe
ReadFile
WriteFile
LoadLibraryA
GetProcAddress
GetVersionExA
GetExitCodeProcess
TerminateProcess
LeaveCriticalSection
SetEvent
ReleaseMutex
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetFileType
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW
TlsAlloc
TlsFree
DuplicateHandle
GetCurrentProcess
SetHandleInformation
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
FormatMessageA
GetLastError
WaitForSingleObject
CreateEventA
SetStdHandle
SetFilePointer
CreateFileA
CreateFileW
GetOverlappedResult
DeviceIoControl
GetFileInformationByHandle
LocalFree

advapi32

FreeSid
AllocateAndInitializeSid

wsock32

getsockopt
connect
htons
gethostbyname
ntohl
inet_ntoa
setsockopt
socket
closesocket
select
ioctlsocket
__WSAFDIsSet
WSAStartup
WSACleanup
WSAGetLastError

ws2_32

WSARecv
WSASend

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dbe5febb7a19ba19945a8e8ba6534abf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

user32

Sections

.text Size: 126KB - Virtual size: 125KB

.data Size: 114KB - Virtual size: 114KB

.rsrc Size: 218KB - Virtual size: 218KB

481f47bbb2c9c21e108d65f52b04c448

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

wsock32

ws2_32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 126KB - Virtual size: 125KB

.data
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 218KB - Virtual size: 218KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB