Report - shell.exe

Metasploit Meterpreter Generic Malware PE File PE64

ScreenShot

Info
Location map


Created	2024.10.20 09:19	Machine	s1_win7_x6403
Filename	shell.exe
Type	PE32+ executable (GUI) x86-64, for MS Windows
AI Score	8	Behavior Score	2.6
ZERO API	file : malware
VT API (file)	62 detected (AIDetectMalware, Metasploit, Malicious, score, HackTool, S9212471, Unsafe, Reverse64, through, uwccg, confidence, 100%, BZPS, Windows, Rozena, MsfShell, MSShellcode, Shelma, Kryptik, CLASSIC, XPACK, Gen7, Shell, SMB1, Real Protect, high, Meter, Static AI, Malicious PE, iigj, Detected, GrayWare, Meterpreter, R610915, FJIN, Probably Heur, ExeHeaderL, UVPM, GenAsa, RZuPNlUDbQk, susgen)
md5	95ce375ef761921a82f68524f8b4768a
sha256	aec0badd335d944f548235810e80b9a67a2828f3715b5cb21bd642d77211875c
ssdeep	24:eFGStrJ9u0/6UZZRnZdEBQAV8aKq9K9qGeNDJSqUmZEWdXCIGDpmB:is0LZZhEBQpE9sSDoqUjWZCSB
imphash	b4c6fff030479aa3b12625be67bf4914
impfuzzy	3:siBJJ671MOB:tUZB

Network IP location

Signature (4cnts)

Level	Description
danger	File has been identified by 62 AntiVirus engines on VirusTotal as malicious
danger	Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level	Name	Description	Collection
danger	MALWARE_Win_MeterpreterStager	Detects Meterpreter stager payload	binaries (upload)
danger	Windows_Trojan_Metasploit_91bc5d7d	(no description)	binaries (upload)
warning	Generic_Malware_Zero	Generic Malware	binaries (upload)
info	IsPE64	(no description)	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (upload)

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
0x140003000 VirtualAlloc
0x140003008 ExitProcess

EAT(Export Address Table) is none

Similarity measure (PE file only) - Checking for service failure