9c814d13a5512b0f90ed0327ba2fe5baacc2a20b1bbda8288d5503e9163a8eae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c814d13a5512b0f90ed0327ba2fe5baacc2a20b1bbda8288d5503e9163a8eae
Size

52KB
MD5

81d8570a5ce4ee2e0e41ef054b959631
SHA1

838386b308e46529af9da5a7f8e11c0ceec7402f
SHA256

9c814d13a5512b0f90ed0327ba2fe5baacc2a20b1bbda8288d5503e9163a8eae
SHA512

c366e7b37f648e6fb9426d909254ae35dd3cf22da29ea62e0cabbcbb85bfe0f3f9ed40dbbb8f44909e7eba3680529439f6f21cf8d98a083fa883e024e40e1ced
SSDEEP

768:xLzrPIsVU080KYmz/IfhX5GaeimBYsHotogR8ARwre7zgVqMNWcRFD7DpDD:lvU080dGSh4Fb08ATzgV5Wcf

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c814d13a5512b0f90ed0327ba2fe5baacc2a20b1bbda8288d5503e9163a8eae

Files

9c814d13a5512b0f90ed0327ba2fe5baacc2a20b1bbda8288d5503e9163a8eae
.exe windows:5 windows x86 arch:x86

77f51df9713d8759f46f198af959d5a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegOpenKeyA

Sections

.MPRESS1
Size: 42KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE