2145e91ffbd00b642a0cca18aa3aba488fa84c0f9cb1d3014637f80970890d64 | Triage

Sharing

General

Target

2145e91ffbd00b642a0cca18aa3aba488fa84c0f9cb1d3014637f80970890d64
Size

96KB
MD5

b22ca9c94a50ff1e4435bd74ae21a1e7
SHA1

94e33b4864bacf9ff4ccd4ebaf3c9616ff6091e3
SHA256

2145e91ffbd00b642a0cca18aa3aba488fa84c0f9cb1d3014637f80970890d64
SHA512

9f138e59d7387537fca2678aedb58ce3a45868e519c277c1150ee154791fa4d02427807b5fb5ed98d7b3a5e9a07360be29768e9d399396159e442826ab7d5de1
SSDEEP

1536:Y3GfaJfCnTBIcdlKaZt+XBu6FugXxb+utXLZwXWwD+nJGpOfUWuUtKtNDXxoB63k:YxaTBpdvWhugX7t7ZwMJGMMWLymB63k

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2145e91ffbd00b642a0cca18aa3aba488fa84c0f9cb1d3014637f80970890d64

Files

2145e91ffbd00b642a0cca18aa3aba488fa84c0f9cb1d3014637f80970890d64
.exe windows:4 windows x86 arch:x86

b92a0debf087571b4c58dcb5b899da90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

LoadIconA

msvcrt

exit

advapi32

RegCloseKey

Sections

.MPRESS1
Size: 90KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE