metasploit | 8aafcdf4e753a774084f1d7c6cc062976d93706d51d9278ad7ab67fe04f0a8f8

Sharing

Copy URL Twitter E-mail

General

Target

8aafcdf4e753a774084f1d7c6cc062976d93706d51d9278ad7ab67fe04f0a8f8
Size

123KB
MD5

a90bb8c2875a2d5958c8faf74a2dc9a9
SHA1

e2c3d6cd5af7837a7e2b3dc6ce6f9a796757578a
SHA256

8aafcdf4e753a774084f1d7c6cc062976d93706d51d9278ad7ab67fe04f0a8f8
SHA512

b62cc8b0aa2afc8df29752652d510ba66eeff86d77b255c2db232396256e69356ee1a7c97675724b9122a8e5ba5ee504cc7a197d74d9b9350e48896f1a88d4ba
SSDEEP

3072:OwdAdlNz9gBpgrMRZUdwuMQXf+j+LnCM/Vf6:XdA7gBhkdwuMys4Vi

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.1.114:4302

Signatures

Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8aafcdf4e753a774084f1d7c6cc062976d93706d51d9278ad7ab67fe04f0a8f8
unpack001/out.upx

Files

8aafcdf4e753a774084f1d7c6cc062976d93706d51d9278ad7ab67fe04f0a8f8
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 1024B - Virtual size: 886B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/94
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/110
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 152KB

UPX1 Size: 86KB - Virtual size: 88KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 492B

.rdata Size: 2KB - Virtual size: 2KB

/4 Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1KB - Virtual size: 1KB

/14 Size: 1KB - Virtual size: 1KB

/29 Size: 69KB - Virtual size: 68KB

/41 Size: 13KB - Virtual size: 12KB

/55 Size: 28KB - Virtual size: 27KB

/67 Size: 1024B - Virtual size: 886B

/78 Size: 6KB - Virtual size: 5KB

/94 Size: 26KB - Virtual size: 26KB

/110 Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 152KB

UPX1
Size: 86KB - Virtual size: 88KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 492B

.rdata
Size: 2KB - Virtual size: 2KB

/4
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB

/14
Size: 1KB - Virtual size: 1KB

/29
Size: 69KB - Virtual size: 68KB

/41
Size: 13KB - Virtual size: 12KB

/55
Size: 28KB - Virtual size: 27KB

/67
Size: 1024B - Virtual size: 886B

/78
Size: 6KB - Virtual size: 5KB

/94
Size: 26KB - Virtual size: 26KB

/110
Size: 1KB - Virtual size: 1KB