Static task
static1
Behavioral task
behavioral1
Sample
529639919c857023c5c5176cfd4238be93c99fedca97f68a482fb23a2e8bba4c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
529639919c857023c5c5176cfd4238be93c99fedca97f68a482fb23a2e8bba4c.exe
Resource
win10v2004-20240226-en
General
-
Target
529639919c857023c5c5176cfd4238be93c99fedca97f68a482fb23a2e8bba4c
-
Size
927KB
-
MD5
79ae9042046cc2d9485dd5565635f091
-
SHA1
289f98a078622fa673d84215961057821d063a1c
-
SHA256
529639919c857023c5c5176cfd4238be93c99fedca97f68a482fb23a2e8bba4c
-
SHA512
490bb0e46488bb7d909ba69657cc5d163b8fc27c9465ac7267974b392cdafe1bc245d11568c238fc7ae998da6a2b80772be656a28bd061c2431bbaf1c67296ad
-
SSDEEP
24576:cL2LNMUwiBD5WjfTWV8TCYkJU/w9PtFPZTM:cL25BD5WjfT7kJUctFP+
Malware Config
Signatures
-
Detects executables built or packed with MPress PE compressor 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_MPress -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 529639919c857023c5c5176cfd4238be93c99fedca97f68a482fb23a2e8bba4c
Files
-
529639919c857023c5c5176cfd4238be93c99fedca97f68a482fb23a2e8bba4c.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.MPRESS1 Size: 17KB - Virtual size: 198KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ