metasploit | ed6c216a271fe40d983fd6a7b3fb0b387b6131861382fb20c0ac4dac5435a838[.]exe | Triage

Sharing

General

Target

ed6c216a271fe40d983fd6a7b3fb0b387b6131861382fb20c0ac4dac5435a838.exe
Size

15KB
MD5

1935b98626a164e6b3751b0958bb098e
SHA1

895c408f412f3cfc455cc0d7fc957e0d1d5e8f99
SHA256

ed6c216a271fe40d983fd6a7b3fb0b387b6131861382fb20c0ac4dac5435a838
SHA512

a95be28ea4bbfd2c0f14138ab7bf9ea20692b4c6600fe9b3b8dbf12a92f47fc888d4ffd4f6ba759562def9ed7a6ae8c1c4bead3364d0a76015a9f1c9e67668ba
SSDEEP

192:l4taSvxE24K9aE9anq7Fbp7htdTNFnGYeyFozC4R:lIvQK9XNx/txnnrJaWG

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_bind_tcp

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed6c216a271fe40d983fd6a7b3fb0b387b6131861382fb20c0ac4dac5435a838.exe

Files

ed6c216a271fe40d983fd6a7b3fb0b387b6131861382fb20c0ac4dac5435a838.exe
.exe windows:4 windows x86 arch:x86

e5d57ba56be42f1e64ad543417e133bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
malloc
memset
signal

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 184B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE