metasploit | 87cf607d4ba067607778dd0d61f86a681931b6a2864006b34ee892f8a56534dd

Sharing

Copy URL

Twitter E-mail

General

Target

87cf607d4ba067607778dd0d61f86a681931b6a2864006b34ee892f8a56534dd
Size

1.4MB
MD5

73dd6267a02812bf0cd839c89cfd7578
SHA1

ab07891f14783c76fe1f2978923db9c20053bdaf
SHA256

87cf607d4ba067607778dd0d61f86a681931b6a2864006b34ee892f8a56534dd
SHA512

add1255ed301084f3e7b39e885dd6e292cda2834f7828d50547642b153ae0380f785c1e33dd197673796eb8b486e7324b1eab4d569717f6b7abac779695d0195
SSDEEP

24576:B7B1iJHJT1DGh9idqu8HoHUp+JUsLauw1iJHJT1DGh9idqu8HoHUp+JUsLat:B7WTQIhGoSsLa2TQIhGoSsLa

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

metasploit_stager

10.10.14.8:1234

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87cf607d4ba067607778dd0d61f86a681931b6a2864006b34ee892f8a56534dd

Files

87cf607d4ba067607778dd0d61f86a681931b6a2864006b34ee892f8a56534dd
.exe windows:4 windows x86 arch:x86

958c2a9b1453bda1d16ee4d06228bab6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
HeapDestroy
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
Sleep
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcessHeap
InitializeCriticalSection
ReadFile
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoA
GetCurrentProcess
GetCommandLineA
GetTempFileNameW
FindResourceExW
FindResourceW
LoadResource
VerSetConditionMask
SetFilePointerEx
CreateDirectoryW
SizeofResource
FormatMessageW
GetVersionExW
GetModuleFileNameW
CreateFileW
lstrlenW
GetTempPathW
RaiseException
VerifyVersionInfoW
Process32FirstW
LockResource
RemoveDirectoryW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
DeleteFileW
LocalFree
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetStartupInfoW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateFileMappingW
SetFilePointer

shlwapi

PathAppendW
PathQuoteSpacesW

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatusEx

ole32

CoUninitialize
CoInitializeEx

shell32

ord680
SHGetFolderPathW

user32

wvsprintfW
CharLowerBuffW
MessageBoxW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 703KB - Virtual size: 703KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 703KB - Virtual size: 703KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

958c2a9b1453bda1d16ee4d06228bab6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

advapi32

ole32

shell32

user32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 703KB - Virtual size: 703KB

.reloc Size: 5KB - Virtual size: 5KB

.text Size: 6KB - Virtual size: 5KB

.rsrc Size: 703KB - Virtual size: 703KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 703KB - Virtual size: 703KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 703KB - Virtual size: 703KB