725fdbc57262015e2d137cc41904dbe59683e17b344452b04733ac236014945f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

725fdbc57262015e2d137cc41904dbe59683e17b344452b04733ac236014945f
Size

169KB
MD5

3aaff3910a5287beed2665e382af6def
SHA1

58cac317b83492e2de1bbb6111aaf904f1dbdaa9
SHA256

725fdbc57262015e2d137cc41904dbe59683e17b344452b04733ac236014945f
SHA512

3c39d7fcf563e8c30c2c997c1fb69b2c6dfd3feda19f85e32bf2a7457e20bc77ccd3726173a48d8332416198abc91932cf3c6bc4ef4dd303d050b34dd4c1d2c3
SSDEEP

3072:7W6h6Y6DxQKBL+UjcvS5is6vZX5Kv8S138WtA7Kzfk0saRE0:7W6h6NR+Uw80g9XA78fJsaRE0

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
725fdbc57262015e2d137cc41904dbe59683e17b344452b04733ac236014945f

Files

725fdbc57262015e2d137cc41904dbe59683e17b344452b04733ac236014945f
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 160KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE