metasploit | 401728cf630efabcabee2582c9bb091cc56dec6e7e712b582464a25feef66a7f[.]exe

General

Target

401728cf630efabcabee2582c9bb091cc56dec6e7e712b582464a25feef66a7f.exe
Size

3.7MB
MD5

484db7f2e2bf5ae4da96f311cbb6e264
SHA1

63456f72c577c87363724230073abc62c1f87e99
SHA256

401728cf630efabcabee2582c9bb091cc56dec6e7e712b582464a25feef66a7f
SHA512

84269f26ceb6610140fecc635792f143d908c5870bb0a69f2f18992843ebb0e431ab846a5a6c0850f9486d9ea8ae337fe5d76ae590915a2359f2678cd48ccb9c
SSDEEP

49152:nUUvltf6SGd/FGfIsTE665h0dEY2nU5h0dEY2a:UUveSGt4NTEH5xJnU5xJa

Score

10^/10

upx metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.0.194:5555

Signatures

Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
401728cf630efabcabee2582c9bb091cc56dec6e7e712b582464a25feef66a7f.exe

Files

401728cf630efabcabee2582c9bb091cc56dec6e7e712b582464a25feef66a7f.exe
.exe windows:4 windows x64 arch:x64

daa01a2e7e70ef8b3ed0f442eacb2f8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

FreeSid

comctl32

ImageList_Create

crypt32

CryptMsgClose

gdi32

LineTo

kernel32

LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect

msvcrt

atoi

ole32

CoCreateGuid

setupapi

CM_Get_Child

shell32

ShellExecuteA

shlwapi

StrStrIA

user32

GetDC

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tftg
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

daa01a2e7e70ef8b3ed0f442eacb2f8a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

crypt32

gdi32

kernel32

msvcrt

ole32

setupapi

shell32

shlwapi

user32

Sections

UPX0 Size: - Virtual size: 2.9MB

UPX1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 41KB - Virtual size: 44KB

.tftg Size: 1KB - Virtual size: 1KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

UPX0
Size: - Virtual size: 2.9MB

UPX1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 41KB - Virtual size: 44KB

.tftg
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB