metasploit | 5276b39a55cb85f30195a5150dbb2b6407a596adbd3482cb0dc099049bba4224

General

Target

5276b39a55cb85f30195a5150dbb2b6407a596adbd3482cb0dc099049bba4224
Size

47KB
MD5

8c85fdc958d3299c7cb1fc0a82be0a28
SHA1

4a26a14a230e1285ee3b4e622fe7922292e8cff5
SHA256

5276b39a55cb85f30195a5150dbb2b6407a596adbd3482cb0dc099049bba4224
SHA512

5c1e96d4873e8f16e8dd5f7d7e6911ed3410986d55914a453835a0124eb2b3a617890b67b78d2a9de27ebe49e37c01cb16838cdbb178e78af51fd05223a4a1b1
SSDEEP

768:IB93PtkMdRPAowZUEkhwasYseaiqAiwEo03RnD/OjG9o7uQXq3:IH3FpRPAooUuleaiqVwEo0xD/LAuaq3

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

193.117.208.148:7800

Signatures

Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5276b39a55cb85f30195a5150dbb2b6407a596adbd3482cb0dc099049bba4224
unpack001/out.upx

Files

5276b39a55cb85f30195a5150dbb2b6407a596adbd3482cb0dc099049bba4224
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 43KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 43KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB