a20ef35e58c381fecf9a024d7a3ea0d96a67dc200f517d022a264f134b9ab587 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a20ef35e58c381fecf9a024d7a3ea0d96a67dc200f517d022a264f134b9ab587
Size

148KB
MD5

5272429b99b7f0e831da9b397d537dec
SHA1

06175a81ecc7dcefaf389343fc1644f385285e48
SHA256

a20ef35e58c381fecf9a024d7a3ea0d96a67dc200f517d022a264f134b9ab587
SHA512

09f50445150969808adf6c61a9c52ed38ae2cd2d11fc327487aaed62ded23f1afd2d6abdfaaa322a176949f817e24c99c0aac832517a6d552829f9a4c38fc9bd
SSDEEP

3072:2CMiqJl3v1S4AsvdhxBz8bNk/AKItB/pL/s9hlSLUFWzt:2CMzfM4vxBIO+XpDnUUzt

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a20ef35e58c381fecf9a024d7a3ea0d96a67dc200f517d022a264f134b9ab587

Files

a20ef35e58c381fecf9a024d7a3ea0d96a67dc200f517d022a264f134b9ab587
.exe windows:1 windows x86 arch:x86

42db3a9eec38e38518b0e27d21bdf33d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind
GetStartupInfoA
lstrlenA
LoadLibraryA
GetModuleHandleA
GetProcAddress

crtdll

__GetMainArgs
exit
raise
signal

user32

GetDlgItemInt
SetTimer
KillTimer
LoadIconA
ShowWindow
LoadStringA
SendMessageA
GetDlgItem
wsprintfA
MessageBoxA
ReleaseDC
GetDC
GetSystemMetrics
InvalidateRect
EndPaint
BeginPaint
LoadCursorA
PostMessageA
PostQuitMessage
DialogBoxParamA
EndDialog
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.MPRESS1
Size: 142KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SCY
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE