15a3b8e1d8025cd762ea3d0cca1348b1554d1deef9561054daf77d9ed4e85580 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15a3b8e1d8025cd762ea3d0cca1348b1554d1deef9561054daf77d9ed4e85580
Size

148KB
MD5

22850695f627e7e206bc5c31b469b0cd
SHA1

5d951857739b904adf39c4b2237d07e9cdd3a176
SHA256

15a3b8e1d8025cd762ea3d0cca1348b1554d1deef9561054daf77d9ed4e85580
SHA512

54b40527768d06956d0056e7f0592bfa6b1c27f79241638e17593d6482f666d13b8ab17bfa6daca5b5b4dabcb0936cbee2c1d33304db4974159bca42513210e7
SSDEEP

3072:2CMiqJl3v1S4AsvdhxBz8bNk/AKItB/pL/s9hlSLUFWzf:2CMzfM4vxBIO+XpDnUUzf

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15a3b8e1d8025cd762ea3d0cca1348b1554d1deef9561054daf77d9ed4e85580

Files

15a3b8e1d8025cd762ea3d0cca1348b1554d1deef9561054daf77d9ed4e85580
.exe windows:1 windows x86 arch:x86

42db3a9eec38e38518b0e27d21bdf33d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind
GetStartupInfoA
lstrlenA
LoadLibraryA
GetModuleHandleA
GetProcAddress

crtdll

__GetMainArgs
exit
raise
signal

user32

GetDlgItemInt
SetTimer
KillTimer
LoadIconA
ShowWindow
LoadStringA
SendMessageA
GetDlgItem
wsprintfA
MessageBoxA
ReleaseDC
GetDC
GetSystemMetrics
InvalidateRect
EndPaint
BeginPaint
LoadCursorA
PostMessageA
PostQuitMessage
DialogBoxParamA
EndDialog
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.MPRESS1
Size: 142KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SCY
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE