metasploit | e61b900edf71faae6651386821c9c38d_JaffaCakes118

General

Target

e61b900edf71faae6651386821c9c38d_JaffaCakes118
Size

57KB
MD5

e61b900edf71faae6651386821c9c38d
SHA1

0c426a33674cb2f11d9e77ccdf5461800004eec5
SHA256

440a6fe3dce364d067328d92e8437f3ac798ad3b1b00f4d28f685b0a6feaa57a
SHA512

cca520b0b015f9b09e4cdb9f68e2a61dcf732ac6b24829993fdaa8e27474f4e2560af563c4e91e030ec673794012a7929b98ce21d45ef8f22766d2eb7286ee28
SSDEEP

768:sh8GuoRdGwpYnsAL13FVm9zT0E4AaNyvQ4T/DDKcj68oXD5D39cnza0mfs/WHNM0:Qfz6nsAFFDlIJT/nVuDhtcz21HNM6p

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e61b900edf71faae6651386821c9c38d_JaffaCakes118
unpack001/out.upx

Files

e61b900edf71faae6651386821c9c38d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 68B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 49KB - Virtual size: 52KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 79KB - Virtual size: 78KB

.rdata Size: 512B - Virtual size: 36B

.bss Size: - Virtual size: 68B

.idata Size: 512B - Virtual size: 496B

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 49KB - Virtual size: 52KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 79KB - Virtual size: 78KB

.rdata
Size: 512B - Virtual size: 36B

.bss
Size: - Virtual size: 68B

.idata
Size: 512B - Virtual size: 496B