SHA256: 8773efa5060669583432c729b4096072e84daec70a0053deba6608979b3c71f4
File name: custom_meterpreter_payload.exe
Detection ratio: 4 / 57
Analysis date: 2017-02-26 14:16:58 UTC ( 2 years, 1 month ago )
Antivirus Result Update
ClamAV Win.Exploit.Alpha_Upper-1 20170226
Kaspersky HEUR:Trojan.Win32.Generic 20170226
Microsoft Trojan:Win32/Swrort.A 20170226
Qihoo-360 HEUR/QVM01.1.0000.Malware.Gen 20170226
Ad-Aware 20170226
AegisLab 20170226
AhnLab-V3 20170226
Alibaba 20170226
ALYac 20170226
Antiy-AVL 20170226
Arcabit 20170226
Avast 20170226
AVG 20170226
Avira (no cloud) 20170226
AVware 20170226
Baidu 20170224
BitDefender 20170226
Bkav 20170225
CAT-QuickHeal 20170225
CMC 20170226
Comodo 20170226
CrowdStrike Falcon (ML) 20170130
Cyren 20170226
DrWeb 20170226
Emsisoft 20170226
Endgame 20170222
ESET-NOD32 20170226
F-Prot 20170226
F-Secure 20170226
Fortinet 20170226
GData 20170226
Ikarus 20170226
Sophos ML 20170203
Jiangmin 20170226
K7AntiVirus 20170226
K7GW 20170226
Kingsoft 20170226
Malwarebytes 20170226
McAfee 20170225
McAfee-GW-Edition 20170226
eScan 20170226
NANO-Antivirus 20170226
nProtect 20170226
Panda 20170226
Rising 20170226
Sophos AV 20170226
SUPERAntiSpyware 20170226
Symantec 20170226
Tencent 20170226
TheHacker 20170223
TrendMicro 20170226
Trustlook 20170226
VBA32 20170224
VIPRE 20170226
ViRobot 20170226
Webroot 20170226
WhiteArmor 20170222
Yandex 20170225
Zillya 20170224
Zoner 20170226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-24 20:13:45
Entry Point 0x000012C0
Number of sections 8
PE sections
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
TlsAlloc
VirtualProtect
LoadLibraryA
DeleteCriticalSection
AllocConsole
TlsGetValue
MultiByteToWideChar
GetCommandLineA
GetProcAddress
IsDBCSLeadByteEx
ReleaseSemaphore
WideCharToMultiByte
TlsFree
GetModuleHandleA
FindFirstFileA
InterlockedExchange
CreateSemaphoreW
CloseHandle
FindNextFileA
SetUnhandledExceptionFilter
InitializeCriticalSection
VirtualQuery
FindClose
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
FindWindowA
ShowWindow
__p__fmode
malloc
strtoul
__p__environ
realloc
fread
fclose
wcsftime
ungetwc
wcsxfrm
atexit
wcscoll
_lseek
_setmode
_stricoll
_fstat
fflush
fopen
strlen
towupper
_cexit
fputc
getwc
_fdopen
_errno
strtod
fwrite
fseek
strftime
_onexit
wcslen
fputs
ftell
_strdup
sprintf
memcmp
strxfrm
_filbuf
towlower
strchr
memset
tolower
_isctype
_fullpath
_pctype
vsprintf
free
getenv
setlocale
signal
atoi
vfprintf
__getmainargs
calloc
_write
iswctype
memcpy
strcoll
wcstombs
memmove
mbstowcs
_read
strerror
strcmp
abort
setvbuf
__mb_cur_max
ungetc
putwc
__set_app_type
_flsbuf
localeconv
memchr
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:02:24 21:13:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 650240
LinkerVersion 2.25
EntryPoint 0x12c0
InitializedDataSize 2849792
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 3072

File identification
MD5 fde0f0eeb3b18a4ef517128f9e55b636
SHA1 69d930a41f8c46d81df70a8a082f74f46d728794
SHA256 8773efa5060669583432c729b4096072e84daec70a0053deba6608979b3c71f4
ssdeep 49152:fT05YqADHv8gK3Yr+WxV7L7tb8t3SOoW2j6S9sNwJHjJD95ERm:feYqAh

authentihash 92e5caf6f4553e4523c27a466fad63c97d33fee81e51d53d2294d94397984b06
imphash 13ad6fe4d1032212b1e9bfdea53c7df0
File size 2.7 MB ( 2850816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe

VirusTotal metadata
First submission 2017-02-26 14:16:58 UTC ( 2 years, 1 month ago )
Last submission 2017-10-07 01:08:38 UTC ( 1 year, 6 months ago )
File names custom_meterpreter_payload.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Searched windows
Runtime DLLs