288ee8b6d1dd7f012be39b1d9fff12f25e06828b26392ef13fff7851326d96ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

288ee8b6d1dd7f012be39b1d9fff12f25e06828b26392ef13fff7851326d96ff
Size

124KB
MD5

7a26edc075299c9357389099c5ee642f
SHA1

cf6a81e6aec24d7685c222d0713e435a32d0240d
SHA256

288ee8b6d1dd7f012be39b1d9fff12f25e06828b26392ef13fff7851326d96ff
SHA512

64a66021b43b0dec46c96d43d6509917f4190b3a5e3dce4f574800b095c61d2ad5ffe48a090a80f8b264e14a57ff4548d4c3b343bb1dde995c384f9bdabd15b0
SSDEEP

3072:Vq8f/oic1i9uTAlPQSDwEyWefHEvGdxETCpPJ:Y8f/U1iF/sUGdxET

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
288ee8b6d1dd7f012be39b1d9fff12f25e06828b26392ef13fff7851326d96ff

Files

288ee8b6d1dd7f012be39b1d9fff12f25e06828b26392ef13fff7851326d96ff
.exe windows:5 windows x86 arch:x86

ac92baf84ed1ae1c5f0fb7d23652858d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

SetTimer

shell32

ShellExecuteExW

ole32

CoInitializeEx

psapi

GetModuleBaseNameW

shlwapi

StrStrNIW

ntdll

memset

advapi32

RegFlushKey

msvcrt

__DestructExceptionObject

Sections

.didata
Size: 119KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE