metasploit | RjvPlatform[.]dll | Triage

Sharing

General

Target

RjvPlatform.dll
Size

9KB
MD5

42c0eca6e4092da7b58ad45699f99bfe
SHA1

ecdd424aca025a4b57750955298b3ef3995c057e
SHA256

57cf7d7537c6622ceeb9d0326be3af48dd4f3095fb6e2998db49616e450c7a74
SHA512

6687f477b891e00417cb9fd4c2ca557a659cf8599dcc9c0ed67b1ba3f6fe8787cb48ee5c082c1a25dccd45fb7a3e649e5471eb4de7bfbfd4502c7453fceb895b
SSDEEP

48:q0r+l6O5aXyn/hNhx4/jC/VcQkSD9C2zRb0E:dX02Qj5P

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

213.152.165.29:9500

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RjvPlatform.dll

Files

RjvPlatform.dll
.dll windows:6 windows x64 arch:x64

57d6e7112c8e716cfe2eb0ff9f36763c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateEventA
OpenEventA
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
CreateSemaphoreA

Sections

.text
Size: 1024B - Virtual size: 919B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ