cdb34e6e80f08918f6c3d33dc7d08a75bafa06485dcdee26c4c848c9644299f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdb34e6e80f08918f6c3d33dc7d08a75bafa06485dcdee26c4c848c9644299f5
Size

36KB
MD5

397b8d1178680c592705fe4b511f9e13
SHA1

eb6b961068dffc52d33fd1f0f8ee8e9b5f517279
SHA256

cdb34e6e80f08918f6c3d33dc7d08a75bafa06485dcdee26c4c848c9644299f5
SHA512

7139ca8dccf9aa04f71898a7f300648fe1b54ade1bf37dbdca966408e2d5c79c86d2e25df6abc0833d2f1096ed1c2e7ff9e82a41680bc0d1273ab5e9e4bb688f
SSDEEP

768:lwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647DE:lwbYP4nuEApQK4TQbtY2gA9DX+ytBOy

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdb34e6e80f08918f6c3d33dc7d08a75bafa06485dcdee26c4c848c9644299f5

Files

cdb34e6e80f08918f6c3d33dc7d08a75bafa06485dcdee26c4c848c9644299f5
.exe windows:5 windows x86 arch:x86

5b4e734e734027217722fe4eb0093f3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

FreeSid

shell32

ord680

wininet

InternetOpenA

Sections

.MPRESS1
Size: 30KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE