metasploit | 589af1a866c474c65d1d45864c934b61

General

Target

589af1a866c474c65d1d45864c934b61
Size

302KB
MD5

589af1a866c474c65d1d45864c934b61
SHA1

a5afdd451eb08865a80b46ba9771355ff4d59852
SHA256

1f4d92bc290f502ff5ce65def5896b11b5f41b4cbc1ef49a77985f1d5a98ae73
SHA512

086f1132b762f22a0e0355b4ed06234333962ab74b6d171b75d5f3abfc7cf68993d1b059218a63adbc387a40342eab35bf90cde04e0df9e75243191af0712fcc
SSDEEP

6144:l0CEY5qWKe5vO0zS+NvCWAU8O+UppNt3+ueWCM+nzOv2/dNQw:lVHv5G0zBdCWAUDfNt3+u0VicPQw

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.88.133:4444

Signatures

Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
589af1a866c474c65d1d45864c934b61

Files

589af1a866c474c65d1d45864c934b61
.exe windows:4 windows x86 arch:x86

ec621ebfa8c5c43420efdcf2e3c27952

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess

gdi32

BitBlt

wsock32

send

Sections

UPX0
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

ec621ebfa8c5c43420efdcf2e3c27952

Headers

File Characteristics

Imports

kernel32

gdi32

wsock32

Sections

UPX0 Size: - Virtual size: 448KB

UPX1 Size: 300KB - Virtual size: 300KB

UPX2 Size: 512B - Virtual size: 4KB

.text Size: 1024B - Virtual size: 852B

UPX0
Size: - Virtual size: 448KB

UPX1
Size: 300KB - Virtual size: 300KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 1024B - Virtual size: 852B