64578533f2982796a06c9dae9611692d1bb189e02d0f892db1145e6b2f73bf00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64578533f2982796a06c9dae9611692d1bb189e02d0f892db1145e6b2f73bf00
Size

1.5MB
MD5

f3a7ea7f5eddaad07336e20dc48cb135
SHA1

909e8923218d4feaf319270b6d3894301d8eedfb
SHA256

64578533f2982796a06c9dae9611692d1bb189e02d0f892db1145e6b2f73bf00
SHA512

883aeba1411189ef03e367b767f010e7fa565dd96ac8809034539f9714bed6d6a59b8952602668b11035acb27b7a278d9f65471af635d07a1e2afb87823ce026
SSDEEP

3072:OPgpZXXRvjxCb5NgXDY7uSlkJcUa7kYQTcqW2NdQQGH/UDhSCUc4aqTBWQr:yElKgzelZNQSBQGH/CSpWqT

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64578533f2982796a06c9dae9611692d1bb189e02d0f892db1145e6b2f73bf00

Files

64578533f2982796a06c9dae9611692d1bb189e02d0f892db1145e6b2f73bf00
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 403KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE