37352ac352e0414831e518df29b28fb939aa6fe98d3c98d92001417d27a803bd | Triage

Sharing

General

Target

37352ac352e0414831e518df29b28fb939aa6fe98d3c98d92001417d27a803bd
Size

507KB
MD5

753a67cc8928ef8a81ec143d4b3f28c8
SHA1

0ebf5d8a696875b5e7cc6585acb69a9d0da919db
SHA256

37352ac352e0414831e518df29b28fb939aa6fe98d3c98d92001417d27a803bd
SHA512

ca6399071f093f3a8abcab5d893885d3fbde09bddcd09185cb8f27481dbf358977b3bfb3b9c1ff3cf388e4f7b13df44b98a7af2f09be716dcfe3b08d86672c62
SSDEEP

12288:HQ+Qu9yus9SznheNqBZ+AQ+AqZeq6FxTv:XI9SznheNqB7sqZeq6XTv

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37352ac352e0414831e518df29b28fb939aa6fe98d3c98d92001417d27a803bd

Files

37352ac352e0414831e518df29b28fb939aa6fe98d3c98d92001417d27a803bd
.exe windows:4 windows x86 arch:x86

667d2920f30825a569e99e87ab0b9e43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

atoi

oleaut32

GetErrorInfo

user32

wsprintfA

ws2_32

htons

Sections

.MPRESS1
Size: 17KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE