41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6 | Triage

Sharing

General

Target

41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6
Size

190KB
MD5

2904e1d18f4612385eb7f297ba159da9
SHA1

7120688825835a98b51e9dfbe558f8287fa57062
SHA256

41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6
SHA512

b019ff6c9b64d4e33675907175138e69663b4b5c7d8ae922788d66b676f89688ffd3cc741b336acecc96951ac09b865e2e5ca9727005eabbfdf2e5ea4898a99a
SSDEEP

1536:oxJXH2aHwM7saKGupZ1qG8DAR8bQykqQxuMZztsRo/bK4LsKL13lP47:oxQM7VupZ1BGvBQxufRq8

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6

Files

41e8139f94d496e49d81c0fe3e86358b22e8d15866b1315a4a80a35ae9793ad6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE