bb78f9f168814072ddf98eca78106b51b45cb426d5b768677d7e34aa6229d551 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb78f9f168814072ddf98eca78106b51b45cb426d5b768677d7e34aa6229d551
Size

390KB
MD5

5fbfd6a43edd0cc8d17c2ce26e7311bb
SHA1

1e2029657c0e68751096eedb01571b875717e8f3
SHA256

bb78f9f168814072ddf98eca78106b51b45cb426d5b768677d7e34aa6229d551
SHA512

6857dfcb3dd55aa8969d6c9dbde33952bbd32ad2d49a480c0945fa37cec5d06c8a2e024a486923712a6333ce16adf374e33152c1dc8399c201a66eed1beaf9c3
SSDEEP

3072:NlYwDUWyFcB9fu+JMl2uU82Ws7f9sjboPACTQembG4hWIY:NlfD1Yc7GIBgbzjbfLh2

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb78f9f168814072ddf98eca78106b51b45cb426d5b768677d7e34aa6229d551

Files

bb78f9f168814072ddf98eca78106b51b45cb426d5b768677d7e34aa6229d551
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 382KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE