89ca674b1e98b4b6826ac204b2438567cb8c2df70f799699fc546a2399801f04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89ca674b1e98b4b6826ac204b2438567cb8c2df70f799699fc546a2399801f04
Size

8.7MB
MD5

abd1283e7948b3dbbb6e27277084e4a4
SHA1

25b76e0f25dd0c66f916458e796727e126ce213e
SHA256

89ca674b1e98b4b6826ac204b2438567cb8c2df70f799699fc546a2399801f04
SHA512

cf3bddbd5e1c15440bb2882e7e8b2ae673d1e32ed8e84c0223b0c2a287ba0a84838b7a20b8bc8559e87fef4b1d71e94562efc3e757f39708057ce642dfe696ee
SSDEEP

98304:mQPjpz+H3172Yp4mX/IbkxqVWQOAfTXsVthDJltG2iQqZwURCz2mvLPnK/wlde9b:mWEXZvYqRhAU6QqV+2UPnKf+tOJ

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89ca674b1e98b4b6826ac204b2438567cb8c2df70f799699fc546a2399801f04

Files

89ca674b1e98b4b6826ac204b2438567cb8c2df70f799699fc546a2399801f04
.exe windows:6 windows x64 arch:x64

79b3362178937bf9559741c46bb9e035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.MPRESS1
Size: 8.6MB - Virtual size: 15.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ