df9fa2fe3a68628de90c744f55f9377b38abae626fdf5654de0e7e950f546c3d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df9fa2fe3a68628de90c744f55f9377b38abae626fdf5654de0e7e950f546c3d
Size

221KB
MD5

5cfd6af044d7ae4a583d710020fa0951
SHA1

f7ad62340eb3275ed418b489e6e36a8016506ab2
SHA256

df9fa2fe3a68628de90c744f55f9377b38abae626fdf5654de0e7e950f546c3d
SHA512

c56fc9c87da06ebf291cba62430b9d7bf96473208170148e1c16afb333dc4f9af5889ff5905f195586326438898e2c084e98ae68cf502dfb5bf7e16efcec7191
SSDEEP

1536:WNTnFw/RhJ56CdgzjtrNVYTqDLl0yB135WFA+I1sBrH3pEQDNRrhTiZGZh2BgmQm:JR4jdNqTqHL+3phRrbhogmQ+Z

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df9fa2fe3a68628de90c744f55f9377b38abae626fdf5654de0e7e950f546c3d

Files

df9fa2fe3a68628de90c744f55f9377b38abae626fdf5654de0e7e950f546c3d
.exe windows:4 windows x86 arch:x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 163KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE