metasploit | d44afcfc21b76ca43ef8d4a6281e328b8865b7ec9cb35396609e81392dc1c260[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d44afcfc21b76ca43ef8d4a6281e328b8865b7ec9cb35396609e81392dc1c260.zip
Size

50KB
MD5

42d51c08608154ed27546b1636ed81dc
SHA1

f3894b3a2dab602fcdca0cec8d983009b0fdb105
SHA256

d44afcfc21b76ca43ef8d4a6281e328b8865b7ec9cb35396609e81392dc1c260
SHA512

1c89b2d0a1f3b8c8c3d69f807ceb311bfb0bbcde229a9132f1d88f23f90299fc72dabedabb0c39760b0c4d5863734fddae91f280f781b4f5c75211fd2d71511b
SSDEEP

1536:qhFlK25SMTBPKyZfUlGp8Va4wkhez8Kvk43K:KFlPwMExVYcezNvk4a

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/exec

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/be7ee2dcfc1a970fb5424d22e37a8828fb858c5291811e5beb066ad39eba393d.exe

Files

d44afcfc21b76ca43ef8d4a6281e328b8865b7ec9cb35396609e81392dc1c260.zip
.zip

Password: infected
be7ee2dcfc1a970fb5424d22e37a8828fb858c5291811e5beb066ad39eba393d.exe
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

147d1789d592e1879d27c7002d0c3f94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PeekNamedPipe
ReadFile
WriteFile
LoadLibraryA
GetProcAddress
GetVersionExA
GetExitCodeProcess
TerminateProcess
LeaveCriticalSection
SetEvent
ReleaseMutex
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetFileType
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalFree
GetCommandLineW
TlsAlloc
TlsFree
DuplicateHandle
GetCurrentProcess
SetHandleInformation
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
Sleep
FormatMessageA
GetLastError
WaitForSingleObject
CreateEventA
SetStdHandle
SetFilePointer
CreateFileA
CreateFileW
GetOverlappedResult
DeviceIoControl
GetFileInformationByHandle
LocalFree
GetCommandLineA

advapi32

FreeSid
AllocateAndInitializeSid

msvcrt

_iob
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
strrchr
wcsncmp
_close
wcslen
wcscpy
strerror
modf
strspn
realloc
__p__environ
__p__wenviron
_errno
free
strncmp
strstr
strncpy
_ftol
qsort
fopen
perror
fclose
fflush
calloc
malloc
signal
printf
_isctype
atoi
exit
__mb_cur_max
_pctype
strchr
fprintf
_controlfp
_strdup
_strnicmp

ws2_32

WSARecv
WSASend

wsock32

getsockopt
connect
htons
gethostbyname
ntohl
inet_ntoa
setsockopt
socket
closesocket
select
ioctlsocket
__WSAFDIsSet
WSAStartup
WSACleanup
WSAGetLastError

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.otesddz
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vsnefjl
Size: 4KB - Virtual size: 10B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.omgknmk
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wasswst
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hevlkim
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

147d1789d592e1879d27c7002d0c3f94

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

wsock32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.otesddz Size: 4KB - Virtual size: 10B

.l1 Size: 8KB - Virtual size: 8KB

.vsnefjl Size: 4KB - Virtual size: 10B

.l1 Size: 8KB - Virtual size: 8KB

.l1 Size: 8KB - Virtual size: 8KB

.l1 Size: 8KB - Virtual size: 8KB

.omgknmk Size: 4KB - Virtual size: 10B

.l1 Size: 8KB - Virtual size: 8KB

.wasswst Size: 4KB - Virtual size: 10B

.l1 Size: 8KB - Virtual size: 8KB

.l1 Size: 8KB - Virtual size: 8KB

.hevlkim Size: 4KB - Virtual size: 10B

.l1 Size: 8KB - Virtual size: 8KB

.l1 Size: 8KB - Virtual size: 8KB

.l1 Size: 8KB - Virtual size: 8KB

.l1 Size: 8KB - Virtual size: 8KB

.l1 Size: 8KB - Virtual size: 8KB

We care about your privacy.

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB

.otesddz
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

.vsnefjl
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

.l1
Size: 8KB - Virtual size: 8KB

.l1
Size: 8KB - Virtual size: 8KB

.omgknmk
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

.wasswst
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

.l1
Size: 8KB - Virtual size: 8KB

.hevlkim
Size: 4KB - Virtual size: 10B

.l1
Size: 8KB - Virtual size: 8KB

.l1
Size: 8KB - Virtual size: 8KB

.l1
Size: 8KB - Virtual size: 8KB

.l1
Size: 8KB - Virtual size: 8KB

.l1
Size: 8KB - Virtual size: 8KB