3bb2b8b2fa488341ea6bfc40ef5d88f10464836f1d8d3584d7551941aae23fca | Triage

Sharing

General

Target

3bb2b8b2fa488341ea6bfc40ef5d88f10464836f1d8d3584d7551941aae23fca
Size

8.9MB
MD5

ba00b3759681e6147686fb4dcf70af5b
SHA1

e5eb582c2476c5269b70f96ec2b213cba3e158c9
SHA256

3bb2b8b2fa488341ea6bfc40ef5d88f10464836f1d8d3584d7551941aae23fca
SHA512

d49a96195c920764ec42cc873b40139378a00778916a824bf71b3cd2a1bf8fb658e143f5c500bcf8cf837186d275cbaad114ec9e5d704cc0e2cb64c053b2d528
SSDEEP

196608:HNwZEU2Wgby7ehbEkqLSRavQG8cftWokMEQGez+t/JmKmWzfT:twZr2pyChJqLS+bEQ5z+FzmW

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bb2b8b2fa488341ea6bfc40ef5d88f10464836f1d8d3584d7551941aae23fca

Files

3bb2b8b2fa488341ea6bfc40ef5d88f10464836f1d8d3584d7551941aae23fca
.exe windows:6 windows x64 arch:x64

79b3362178937bf9559741c46bb9e035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.MPRESS1
Size: 8.8MB - Virtual size: 15.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ