1e809e672d3edadc23877697cefa5301eb7ea4b3bfe466813fe60951b77d4844 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e809e672d3edadc23877697cefa5301eb7ea4b3bfe466813fe60951b77d4844
Size

358KB
MD5

025eee56689f2f21e4a924d8d253b1d2
SHA1

66de6ddcb51fe317ca807b4dd7ae3eb664058977
SHA256

1e809e672d3edadc23877697cefa5301eb7ea4b3bfe466813fe60951b77d4844
SHA512

0d6bee882fefa1c2c00e77379af0eb077e1bd0d6e50fafea58de71ff6df37956bb3967f513033067760e211ea4d229c10b3da0084a6d4b011812ebebbc8b4044
SSDEEP

6144:HrnkP+6bB0H9rj3fMobS1bS5pwWbS3b8ohnkP+6b5thbSVjC7bSxbS9jMXP9ZbSA:HQ+Qu9piwpwIG5C+Etd2eXe/P9leqf

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e809e672d3edadc23877697cefa5301eb7ea4b3bfe466813fe60951b77d4844

Files

1e809e672d3edadc23877697cefa5301eb7ea4b3bfe466813fe60951b77d4844
.exe windows:4 windows x86 arch:x86

667d2920f30825a569e99e87ab0b9e43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

atoi

oleaut32

GetErrorInfo

user32

wsprintfA

ws2_32

htons

Sections

.MPRESS1
Size: 17KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE