metasploit | 2c520095148a5f824698e612522908476c9fa34384d9d3c3910b8b65f832fadc[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2c520095148a5f824698e612522908476c9fa34384d9d3c3910b8b65f832fadc.exe
Size

352KB
MD5

1d5a88154b7ce76f02916f3d261f2da4
SHA1

4ac8c79f6b1811de1580ac352a8683fca03b654f
SHA256

2c520095148a5f824698e612522908476c9fa34384d9d3c3910b8b65f832fadc
SHA512

502b9f41acd56888acb2bd34067af10e1b3fbb3f4453c4f4f37fb2e40f4fdc0455231d2203222d791bf5a913f62434d625ff423de535ea0cac3ddee1e246cb42
SSDEEP

6144:eIB1qMjh0iZA2dPH2rC98qLqI/Lyv1MbDgpiilipQ5gfzDVlVXgJS:vPqMjh0iZPdPH2Etq5AQ5GpXZ

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

10.70.70.91:4444

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c520095148a5f824698e612522908476c9fa34384d9d3c3910b8b65f832fadc.exe

Files

2c520095148a5f824698e612522908476c9fa34384d9d3c3910b8b65f832fadc.exe
.exe windows:10 windows x64 arch:x64

0e6bccf88f4251909d1746dba78cba57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

notepad.pdb

Imports

gdi32

SetMapMode
SetViewportExtEx
SetWindowExtEx
LPtoDP
SetBkMode
GetTextMetricsW
TextOutW
AbortDoc
EndDoc
SetAbortProc
StartDocW
StartPage
CreateDCW
EnumFontsW
GetTextFaceW
GetDeviceCaps
DeleteDC
DeleteObject
SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
EndPage
CreateFontIndirectW

user32

PostQuitMessage
BeginPaint
EndPaint
FillRect
DrawTextW
DrawFocusRect
DefWindowProcW
TrackMouseEvent
InvalidateRect
DestroyIcon
SetThreadDpiAwarenessContext
DialogBoxParamW
LoadIconW
GetFocus
MessageBoxW
ShowWindow
SetCursor
SetActiveWindow
EnableMenuItem
IsIconic
SetFocus
MessageBeep
GetForegroundWindow
GetDlgCtrlID
SetWindowPos
RedrawWindow
GetKeyboardLayout
CharNextW
SetWinEventHook
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWinEvent
SetWindowTextW
GetMenu
GetSubMenu
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
CheckMenuItem
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
SetScrollPos
UpdateWindow
GetWindowPlacement
SetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
MonitorFromWindow
RegisterWindowMessageW
LoadCursorW
LoadImageW
RegisterClassExW
GetWindowLongW
PeekMessageW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
IsWindow
CreateDialogIndirectParamW
GetPropW
SetPropW
GetDlgItem
RemovePropW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
NotifyWinEvent
CreateWindowExW
GetWindowTextLengthW
GetClientRect
DestroyWindow
GetDpiForWindow
SystemParametersInfoForDpi
SendMessageW
MoveWindow
GetDC
LoadStringW
PostMessageW
ReleaseDC

api-ms-win-crt-string-l1-1-0

wcscmp
wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wtol
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_terminate
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o___stdio_common_vswprintf
_o__configure_wide_argv
_o___std_exception_destroy
_o___std_exception_copy
_o__configthreadlocale
_o___p__commode
_o__exit
_o__cexit
_o__callnewh
_o__beginthreadex
_o__errno
wcsrchr
wcschr
__C_specific_handler
memcmp
memcpy
memmove

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleHandleExW
FindResourceExW
LoadResource
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockExclusive
EnterCriticalSection
SetEvent
CreateEventExW
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockShared
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
FindNLSString
GetLocaleInfoW
GetACP

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoInitializeEx
PropVariantClear
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathIsFileSpecW
PathFileExistsW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalUnlock
LocalFree
LocalLock
GlobalAlloc
GlobalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFileAttributesW
SetEndOfFile
GetFileAttributesExW
GetFileInformationByHandle
FindClose
FindFirstFileW
CreateFileW
ReadFile
GetDiskFreeSpaceExW
GetFullPathNameW
CreateDirectoryW
WriteFile

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetCommandLineW
SetCurrentDirectoryW

api-ms-win-core-string-l1-1-0

FoldStringW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize
GlobalLock
GlobalUnlock

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-base-util-l1-1-0

IsTextUnicode

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

comctl32

ImageList_Create
ImageList_SetBkColor
ord381
ImageList_ReplaceIcon
ord410
ImageList_Draw
ImageList_GetIconSize
ord413
ImageList_Destroy
ord345
CreateStatusWindowW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

0e6bccf88f4251909d1746dba78cba57

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-eventing-provider-l1-1-0

api-ms-win-base-util-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

comctl32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 8KB - Virtual size: 5KB

.didat Size: 4KB - Virtual size: 248B

.rsrc Size: 124KB - Virtual size: 120KB

.reloc Size: 4KB - Virtual size: 760B

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 8KB - Virtual size: 5KB

.didat
Size: 4KB - Virtual size: 248B

.rsrc
Size: 124KB - Virtual size: 120KB

.reloc
Size: 4KB - Virtual size: 760B