metasploit | b6d77b5e7c2fc3c47bdf24a57ef2b27f81331c0245340560971a4f7e80d10c53

Sharing

Copy URL Twitter E-mail

General

Target

b6d77b5e7c2fc3c47bdf24a57ef2b27f81331c0245340560971a4f7e80d10c53
Size

404KB
MD5

09c3f3744f9d690f86d1eb8aec46e220
SHA1

c6fadd7ac2d818f12bb5966c1e025ec7521796e0
SHA256

b6d77b5e7c2fc3c47bdf24a57ef2b27f81331c0245340560971a4f7e80d10c53
SHA512

e898af09debfc614e0707bb5bc670fff7058eca78d9c565a0b5b0ff77b49c8b2a6d1c6a9b590172e7777391b2b2a1a2c5222d7d85258358f2c9cbddeac9cae07
SSDEEP

6144:EQeW3lD8TTq1qBDRM5GO3MKMBmBbGezZIhu2k:EQeq98S1IRFuxGei6

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

b6d77b5e7c2fc3c47bdf24a57ef2b27f81331c0245340560971a4f7e80d10c53
.exe windows x86

c011637169bf8c2108a0db173f634245

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateProcessA
GetTempPathA
CreateThread
ExitProcess
SetPriorityClass
lstrlenA
GetLocaleInfoA
MoveFileExA
GetCurrentProcess
GetCurrentThread
SetProcessPriorityBoost
GetDriveTypeA
GetFileAttributesA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExA
lstrcpyA
OpenMutexA
CreateMutexA
ReleaseMutex
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
CopyFileA
SetFileAttributesA
GetCurrentProcessId
DeleteFileA
FreeLibrary
CreateRemoteThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
TerminateProcess
lstrcmpiA
WinExec
GetLogicalDriveStringsA
SetLastError
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventA
LeaveCriticalSection
ExitThread
EnterCriticalSection
OpenEventA
WaitForMultipleObjects
DeleteCriticalSection
WriteFile
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
CreateFileA
CloseHandle
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
Process32First
GetComputerNameA
GetConsoleOutputCP
WriteConsoleW
ReadFile
FlushFileBuffers
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
RaiseException
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
InitializeCriticalSection
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
WriteConsoleA
VirtualQuery
WideCharToMultiByte
InterlockedIncrement
GetACP

advapi32

LookupPrivilegeValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
RegQueryValueExA
OpenProcessToken
FreeSid
AllocateAndInitializeSid
GetUserNameA
RegOpenKeyExA

comctl32

ord17

mpr

WNetCancelConnection2A
WNetCancelConnectionA
WNetGetLastErrorA

ntdll

ZwSystemDebugControl
NtQuerySystemInformation

rpcrt4

RpcBindingFromStringBindingA
RpcBindingFree
RpcStringFreeA
RpcMgmtStatsVectorFree
RpcMgmtInqStats
RpcMgmtIsServerListening
RpcMgmtSetComTimeout
NdrClientCall2
RpcStringBindingComposeA

shell32

ShellExecuteExA
SHChangeNotify
ShellExecuteA

user32

IsCharAlphaA
IsCharAlphaNumericA
GetForegroundWindow
DestroyWindow
GetMessageA
FindWindowA
wsprintfA
GetWindowThreadProcessId
SwitchToThisWindow
RegisterDeviceNotificationA
UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PostQuitMessage
RegisterClassExA

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

ws2_32

gethostbyname
recv
select
inet_addr
inet_ntoa
send
closesocket
socket
WSACleanup
htons
WSAGetLastError
htonl
WSAStartup
connect
ntohl
gethostname
ioctlsocket

Sections

UPX0
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

c011637169bf8c2108a0db173f634245

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

comctl32

mpr

ntdll

rpcrt4

shell32

user32

wininet

ws2_32

Sections

UPX0 Size: 400KB - Virtual size: 400KB

UPX0
Size: 400KB - Virtual size: 400KB