metasploit | eb5676436b27d6b45c58d2c1b242a70730edf87d83bf37c91965fdf4f89e7ab8 | Triage

Sharing

General

Target

eb5676436b27d6b45c58d2c1b242a70730edf87d83bf37c91965fdf4f89e7ab8
Size

45KB
MD5

18b367529c07b94296d4f6991c7e872a
SHA1

b7e3e3aa32bf4cde03d33ae8cb8fef9cd955b74a
SHA256

eb5676436b27d6b45c58d2c1b242a70730edf87d83bf37c91965fdf4f89e7ab8
SHA512

8ddd40f89c4b25cbba8600abbda1cc87006233c7fea747ea894c94d147ee51226cdc20982e39b9621dc89405e01b9e104e44eaa630a900839bc2854eb453b975
SSDEEP

768:IXZnvOalrz/xOXXubazL0jf3fuZwjjt5klTwa5p+jE/Jh3k3nbmX9/32Lq3:IJnmvXzzL/ZGR5kDp+9uRsq3

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_bind_tcp

Signatures

Metasploit family
metasploit
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

eb5676436b27d6b45c58d2c1b242a70730edf87d83bf37c91965fdf4f89e7ab8
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ