metasploit | 8ba5b1ef8e3c963e8db44f280f31776d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ba5b1ef8e3c963e8db44f280f31776d_JaffaCakes118
Size

20KB
MD5

8ba5b1ef8e3c963e8db44f280f31776d
SHA1

2fa405bd0722759de1d281679982efa9d3f4ed0a
SHA256

36e3b37025beeaa2eea28033407cbfa676e729d28e211512a557fabc3183a1a2
SHA512

d8a0cb7295641ba5de8411627c375a0589525b447fcda42bc68a34fafb0533409112c41e3d6b8c27032d20ca0aad3985196505729b9b7bf81a272af6ce63f41a
SSDEEP

384:nrANk3ntHrj2W8aOkTZuEvtDRH1BP2j1KVlm9I85Us2fNfsaHa:cQntfP8oT8orH1BOjoq8RNE8

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8ba5b1ef8e3c963e8db44f280f31776d_JaffaCakes118
unpack001/out.upx

Files

8ba5b1ef8e3c963e8db44f280f31776d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE