metasploit | a0d1f475741137d92a7180823899aab4d153cfa0684596c4ce710ebfcb84fed7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0d1f475741137d92a7180823899aab4d153cfa0684596c4ce710ebfcb84fed7
Size

47KB
MD5

645ab765fedac757723defc9e45b1050
SHA1

fb2fd42b2ae2334a2401446b137e198071660161
SHA256

a0d1f475741137d92a7180823899aab4d153cfa0684596c4ce710ebfcb84fed7
SHA512

5a251ec65f725f25068f70be71e96b674716a4143650aef809db88b9a80cc56e6b1ea5b4dd0ecd60a20557e7da7ff4c68ec8e4f1ceac353d7d077dbae9929609
SSDEEP

768:Iawa9d/Gp2wONfzideeL0NJ3SmtTqcfeHd6y3pnZb3Awhq3:IajvI2wOt0GJCmDfG6y3hZbQgq3

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

a0d1f475741137d92a7180823899aab4d153cfa0684596c4ce710ebfcb84fed7
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ