
Trojan.Metasploit

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 6,936
Threat Level: 90 % (High)
Infected Computers: 145
First Seen: July 24, 2009
Last Seen: April 20, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Metasploit
Signature status: No Signature

Known Samples

MD5: 7474230f355b41762473804215167e2a
SHA1: 53dc78cfa5852746b8c9be18636edb42b853cd8e
File Size: 73.80 KB, 73802 bytes
MD5: d446185d1a839ca025c784ba8a9f9b29
SHA1: 37c369315ee75f2d63e997bdc59b6d00ffeafa83
SHA256: D0599BBEF2EF2DB10709388570A50A344653B81EC2F78E8D1A53BBCB1F78A452
File Size: 23.04 KB, 23040 bytes
MD5: 52878057f94af70d1068d897b9338d90
SHA1: be2675849276eb5426159dea4a7b9d6df10ab017
SHA256: 47A7FC1CD186020A693FC35671C30F17EFB081596210521844768720AEEB599E
File Size: 73.80 KB, 73802 bytes
MD5: cc26f137fe6b6ee19a107c2094246149
SHA1: 1fc0d2c9853cf809ef10d82fe002e050b47b69dd
SHA256: B0EDCA873043928F2179FF5F2888171ECF94C8D1D88FD995F1794CC17FEA4F99
File Size: 1.58 MB, 1579008 bytes
MD5: 7101aee96c364f705b69fb9ae3c41c45
SHA1: acc35b43097135a64bba10273a8e8e43586604ef
SHA256: B171B972E191906645BE5D73ED95F4096D172BB0D1708FAAC54CBB42FBD84BF4
File Size: 73.80 KB, 73802 bytes
MD5: bbc1b87d4b0b364bda7059d40954cc30
SHA1: d5b8719d2a2c780053feab7fb3e5dc0b9b44bc0c
SHA256: FAD59CB71FEB268FF8F154AAA75028FD3139A12D1729BFD4A3CDCC43035AC873
File Size: 22.53 KB, 22528 bytes
MD5: fdf73e11ae55c2ed86441b2f8e14f6c9
SHA1: c11bbb577c9121a2f797d746008f6546ab5d1c3c
SHA256: 8CE2547846C811AADB1E8C9FA06A754A02DA68F8E5E12A4BB77BF7BA9CA529BF
File Size: 29.18 KB, 29184 bytes
MD5: a67b444830c94b499a1d85a3daf03437
SHA1: c9d219bc378c099004b859644431c347f4db57d8
SHA256: DE5A50E47247793728A0A776D6BD42747204C07A9973847AE98BA9D826A6A0EC
File Size: 245.85 KB, 245852 bytes
MD5: 94b6618ea933212e71848315f22f2077
SHA1: 3d29ce5b65cb25a33b22e52a93d70bca48b9cad8
SHA256: 540D9553D9A0B0D6D125237AB1ADA0735C52FA3B4051816723CF094102981B4F
File Size: 245.85 KB, 245852 bytes

Three of the samples listed are exactly 73,802 bytes, the size of a Windows x86 EXE that msfvenom emits with its default template; that template is derived from ApacheBench (ab.exe, Apache HTTP Server 2.2.14), which is where the Apache strings in the PE Version Information below come from. Hash matching is therefore of limited value for this family: the hashes change with the listener address, port and encoder options chosen, while the template's size and version resource stay constant.

Windows Portable Executable Attributes

The attributes in this section and the version-info strings in the next are aggregated over all samples listed above, which is why mutually exclusive entries (32-bit and 64-bit, .NET and native, with and without an exports table) appear side by side. No single file has all of them.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
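Every attribute in the list above is read from fixed offsets in the DOS and NT headers: the optional-header magic gives 32- versus 64-bit, the Subsystem field gives console versus GUI, IMAGE_FILE_DLL and IMAGE_FILE_EXECUTABLE_IMAGE come from FileHeader.Characteristics, the "Rich" marker sits in the DOS stub, and exports, resources, security (Authenticode), relocations, debug and the CLR (.NET) header are each a data-directory slot that is either populated or zero. The following parser is an added example written for this page, not the scorecard's own tooling; it needs only the standard library, and because the page's samples are not available offline it also constructs minimal header-only PE images (labelled as constructed) to exercise itself. A real file can be passed on the command line instead.

```python
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
# Data-directory slots behind the attributes the scorecard lists.
DIRECTORIES = {0: "exports table", 2: "resources", 4: "security information",
               5: "relocations information", 6: "debug information", 14: "CLR header"}


def pe_attributes(data: bytes) -> dict:
    """Read the DOS/NT headers of a PE image and return the attributes the scorecard lists."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4
    machine, _nsec, _ts, _sym, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, file_hdr)
    opt = file_hdr + 20                          # IMAGE_FILE_HEADER is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    is64 = magic == 0x20B                        # 0x20B = PE32+, 0x10B = PE32
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)   # same offset in PE32 and PE32+
    ndirs_off = 108 if is64 else 92              # NumberOfRvaAndSizes sits later in PE32+
    (ndirs,) = struct.unpack_from("<I", data, opt + ndirs_off)
    dirs = opt + ndirs_off + 4
    present = {}
    for idx, name in DIRECTORIES.items():
        rva, size = struct.unpack_from("<II", data, dirs + idx * 8) if idx < ndirs else (0, 0)
        present[name] = rva != 0 and size != 0
    return {
        "bits": 64 if is64 else 32,
        "machine": machine,
        "subsystem": SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem),
        "dll": bool(chars & IMAGE_FILE_DLL),
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "rich_header": b"Rich" in data[0x40:e_lfanew],   # the Rich marker lives in the DOS stub
        "dotnet": present.pop("CLR header"),              # a populated slot 14 means a .NET image
        **{"has " + k: v for k, v in present.items()},
    }


def build_test_pe(is64: bool, subsystem: int, dll: bool, dirs_present, rich: bool) -> bytes:
    """Constructed test input: a header-only PE with the requested flags (not a real sample)."""
    stub = (b"DanS" + b"\0" * 12 + b"Rich" + b"\0" * 4) if rich else b"\0" * 24
    e_lfanew = 0x40 + len(stub)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)     # 64-byte DOS header
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if dll else 0)
    ndirs, base = 16, (112 if is64 else 96)                    # base = start of the directories
    opt = bytearray(base + 8 * ndirs)
    struct.pack_into("<H", opt, 0, 0x20B if is64 else 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, base - 4, ndirs)
    for idx in dirs_present:                                   # any non-zero RVA/size counts as present
        struct.pack_into("<II", opt, base + idx * 8, 0x1000 + idx * 0x100, 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x8664 if is64 else 0x14C, 0, 0, 0, 0, len(opt), chars)
    return dos + stub + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:
        image = build_test_pe(True, 3, False, {0, 6}, True)
    print(json.dumps(pe_attributes(image), indent=2))
```

Running it over each of the samples above separately is what resolves the contradictions in the aggregated list: a .NET console tool and a native GUI DLL produce disjoint attribute sets.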

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments
  • Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
  • Part of Outbyte PC Repair
Company Name
  • Apache Software Foundation
  • Outbyte
File Description
  • ApacheBench command line utility
  • Eternalblue
  • Malware Detection Helper
  • SharpExcel4-DCOM
File Version
  • 2.3.2.19452
  • 2.2.14
  • 1.0.0.0
Internal Name
  • ab.exe
  • Eternalblue.exe
  • Malwaredetectionhelper
  • SharpExcel4-DCOM.exe
Legal Copyright
  • Copyright 2009 The Apache Software Foundation.
  • Copyright © 2016-2023 Outbyte Computing Pty Ltd
  • Copyright © 2019
  • Copyright © 2021
Legal Trademarks Copyright © 2016-2023 Outbyte Computing Pty Ltd
Original Filename
  • ab.exe
  • Eternalblue.exe
  • Malwaredetectionhelper.dll
  • SharpExcel4-DCOM.exe
Product Name
  • Apache HTTP Server
  • Eternalblue
  • Shared Library
  • SharpExcel4-DCOM
Product Version
  • 2.x
  • 2.2.14
  • 1.0.0.0

File Traits

  • .NET
  • 2+ executable sections
  • Agile.net
  • CryptUnprotectData
  • dll
  • Fody
  • HighEntropy
  • ntdll
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 899
Potentially Malicious Blocks: 199
Whitelisted Blocks: 506
Unknown Blocks: 194

Visual Map

x x x x x x x x x x x 0 0 x x x x x x x x x x x x ? x x x x x ? x x x x x x ? ? ? ? ? x x x x x 0 0 x x x x x x x x x 0 x 0 x x x x x x x x x x 0 0 x x x 0 x x x x 0 0 x x x x x x 0 x x x x x x x ? x x x ? x ? x ? x x x x ? x ? ? ? x x x ? x x x x x x x x ? ? ? ? ? 0 0 0 0 x x x 0 x 0 ? x x ? ? x ? ? ? ? ? ? ? ? x ? x x x ? 0 x 0 ? x x 0 x x x ? x x x x x x x x x ? x 0 0 ? x x x x ? x ? ? ? ? 0 x ? ? ? 0 ? x 0 x 0 ? x ? x ? x x x x ? ? ? x ? ? ? ? x x x x x x x x x x x x x ? ? ? x ? ? x x ? ? x ? ? x x ? ? x x x x x x ? 0 0 x ? 0 0 ? ? 0 ? 0 x x ? 0 x x x x x x x 0 x 0 x x x 0 0 0 0 0 0 ? 0 x ? x ? x x 0 ? ? x x x x 0 ? 0 x x 0 ? x 0 x 0 x x 0 0 0 0 0 ? ? x x 0 0 ? 0 0 0 0 x 0 0 ? ? 0 ? 0 ? ? ? ? ? ? ? 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.XXS
  • MSIL.Downloader.Agent.BIG
  • MSIL.Metasploit.A
  • MSIL.SharpGPOAbuse.B
  • MSIL.SharpS.B
  • Swrort.A
  • Swrort.AB
  • Swrort.AE

Registry Modifications

Key::Value  Data  API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe  (binary BAM value; not legible on the page)  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe  (binary BAM value; not legible on the page)  RegNtPreCreateKey

Both entries are Background Activity Moderator (BAM) execution records: Windows writes one value per executable under UserSettings\<SID> when that user runs it, and the value data begins with a FILETIME of the last run. They document the sandbox launching cmd.exe and conhost.exe (see the command line below) and are not persistence keys set by the sample.
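On a forensic image the same BAM values are worth decoding, because the leading FILETIME gives a last-execution time per program and per user SID. The parser below is an added example, not part of the page; it takes the "key::value" form the scorecard prints, extracts the SID and program path, and decodes the first eight bytes of the value. Only the FILETIME is interpreted; the rest of the value is ignored. The page's own value bytes are not legible, so the two timestamps fed in here are constructed.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# BAM keeps one value per executable under UserSettings\<SID>; the key path ends with the SID.
BAM_KEY = re.compile(r"\\services\\bam\\state\\usersettings\\(?P<sid>s-1-5-[\d-]+)$", re.IGNORECASE)


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME is 100-ns ticks since 1601-01-01 UTC."""
    return WINDOWS_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    return int((dt - WINDOWS_EPOCH) // timedelta(microseconds=1)) * 10


def parse_bam_entry(key_value: str, data: bytes) -> dict:
    """Split a 'key::value' line as the scorecard prints it and decode the value's FILETIME."""
    key, sep, program = key_value.partition("::")
    m = BAM_KEY.search(key)
    if not sep or not m:
        raise ValueError("not a BAM UserSettings entry: " + key_value)
    if len(data) < 8:
        raise ValueError("BAM value shorter than a FILETIME")
    (ft,) = struct.unpack_from("<Q", data, 0)   # only the leading FILETIME is interpreted here
    return {"sid": m.group("sid").upper(), "program": program, "last_run": filetime_to_datetime(ft)}


def bam_timeline(entries) -> list:
    """Sort (key_value, data) pairs into an execution timeline, oldest first."""
    return sorted((parse_bam_entry(k, d) for k, d in entries), key=lambda e: e["last_run"])


# Key paths exactly as listed on the page.
PAGE_KEYS = [
    r"HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe",
    r"HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe",
]
# Constructed value data: the page's bytes are not legible, so these timestamps are made up.
CMD_RUN = datetime(2023, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
CONHOST_RUN = CMD_RUN + timedelta(seconds=1)
SAMPLE_ENTRIES = [
    (PAGE_KEYS[0], struct.pack("<Q", datetime_to_filetime(CMD_RUN)) + b"\0" * 16),
    (PAGE_KEYS[1], struct.pack("<Q", datetime_to_filetime(CONHOST_RUN)) + b"\0" * 16),
]

if __name__ == "__main__":
    for e in bam_timeline(SAMPLE_ENTRIES):
        print(e["last_run"].isoformat(), e["sid"], e["program"])
```

BAM times are recorded in UTC; compare them against the sandbox's own process-creation timestamps rather than against local-time logs.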

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN

25 additional items are not displayed above.

User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • WriteConsole
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Terminate
  • TerminateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
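The categorised list above is raw evidence; what a detection engineer wants from it is whether the calls co-occur in the combinations that define a technique, for example NtUnmapViewOfSection with CreateProcess, NtWriteVirtualMemory and NtResumeThread (hollowing a suspended process) or NtOpenProcess with NtWriteVirtualMemory, NtProtectVirtualMemory and NtCreateThreadEx (remote thread injection). The script below is an added example, not the scorecard's own scoring: it parses the page's "Category / • module!Api" layout, folds Win32 wrappers into the native call they end in, and evaluates "all of these" rules that are assumptions of this example. The excerpt it runs on is constructed from the calls listed on this page.

```python
import re

# Win32 wrappers mapped to the native call they end in, so either spelling satisfies a rule.
ALIASES = {"WriteProcessMemory": "NtWriteVirtualMemory", "VirtualProtectEx": "NtProtectVirtualMemory",
           "ResumeThread": "NtResumeThread", "OpenProcess": "NtOpenProcess",
           "CreateRemoteThread": "NtCreateThreadEx", "TerminateProcess": "NtTerminateProcess"}

# Heuristic "all of these" rules (assumed for this example, not the scorecard's logic).
RULES = {
    "process hollowing": {"CreateProcess", "NtUnmapViewOfSection", "NtWriteVirtualMemory", "NtResumeThread"},
    "remote thread injection": {"NtOpenProcess", "NtWriteVirtualMemory", "NtProtectVirtualMemory", "NtCreateThreadEx"},
    "section-mapping injection": {"NtCreateSection", "NtMapViewOfSection", "NtCreateThreadEx"},
    "anti-debug": {"IsDebuggerPresent"},
}

BULLET = re.compile(r"^\s*•\s*(?:[\w.]+!)?(\w+)\s*$")   # "  • ntdll.dll!NtClose" -> "NtClose"


def parse_api_section(text: str) -> dict:
    """Turn the page's 'Category' / '• module!Api' listing into {category: {api, ...}}."""
    cats, current = {}, None
    for line in text.splitlines():
        m = BULLET.match(line)
        if m and current is not None:
            api = m.group(1)
            cats[current].add(ALIASES.get(api, api))
        elif line.strip():                       # any other non-empty line starts a category
            current = line.strip()
            cats.setdefault(current, set())
    return cats


def evaluate(cats: dict) -> dict:
    """Report, per rule, which required calls were observed and which are missing."""
    observed = set().union(*cats.values()) if cats else set()
    report = {}
    for name, needed in RULES.items():
        matched = needed & observed
        report[name] = {"complete": matched == needed,
                        "matched": sorted(matched), "missing": sorted(needed - matched)}
    return report


# Constructed excerpt of the Windows API Usage section above.
PAGE_EXCERPT = """
Syscall Use
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWriteVirtualMemory
Process Shell Execute
  • CreateProcess
  • WriteConsole
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
"""

if __name__ == "__main__":
    for rule, r in evaluate(parse_api_section(PAGE_EXCERPT)).items():
        print("%-26s %s  missing=%s" % (rule, "HIT " if r["complete"] else "----", r["missing"]))
```

Treat a complete match as a lead, not a verdict: the list is a sandbox trace aggregated over several samples, and calls such as NtProtectVirtualMemory and NtMapViewOfSection are also routine for a .NET runtime. Pairing each hit with the process that made the calls, and with the cmd.exe and rundll32 command lines recorded below, is what turns the co-occurrence into evidence.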

Shell Command Execution

"cmd.exe" /c ""c:\users\user\downloads\37c369315ee75f2d63e997bdc59b6d00ffeafa83_0000023040" exploit all"
WriteConsole: '"c:\users\user\
WriteConsole: file.
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1fc0d2c9853cf809ef10d82fe002e050b47b69dd_0001579008.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c11bbb577c9121a2f797d746008f6546ab5d1c3c_0000029184.,LiQMAxHB

The file names under c:\users\user\downloads are the sample's SHA1 followed by its size in bytes, so the lines map back to the Known Samples list: the first runs the 23,040-byte sample (SHA1 37c369315ee75f2d63e997bdc59b6d00ffeafa83) with the arguments "exploit all", and the two rundll32 lines load the 1,579,008-byte and 29,184-byte DLL samples (SHA1 1fc0d2c9853cf809ef10d82fe002e050b47b69dd and c11bbb577c9121a2f797d746008f6546ab5d1c3c) through the export named LiQMAxHB.
