2690d77f3a9cce34b7f7ee0faa40bd01d95678ae4e86b5c43555bbc6c53f7832 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2690d77f3a9cce34b7f7ee0faa40bd01d95678ae4e86b5c43555bbc6c53f7832
Size

840KB
MD5

9ee1e46c37abba4d56777f00b3790ca0
SHA1

ed6afd7562edc90862d7e610772714959da41ed7
SHA256

2690d77f3a9cce34b7f7ee0faa40bd01d95678ae4e86b5c43555bbc6c53f7832
SHA512

3ea8a99964b61d92253462ddd13ff6d22026bc43d17623879026ae38fc07c0a1087e36fafa585cda21dd15b60dfec53161b3aad6dfaa7671c9bbdcc8ef7fa789
SSDEEP

12288:cLxrAGc5LNMzHWFRlVoiBDkaWjfV5WV8TXyPaZTIQQ9oOJyBxBjkRDGmsJxC5ewU:cL2LNMUwiBD5WjfTWV8TCYkJU/wAk5e5

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2690d77f3a9cce34b7f7ee0faa40bd01d95678ae4e86b5c43555bbc6c53f7832

Files

2690d77f3a9cce34b7f7ee0faa40bd01d95678ae4e86b5c43555bbc6c53f7832
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 17KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ