49b9e7a229342a7f5621ae6c14ed0c74dfca2765f754e65153700999e3852acd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49b9e7a229342a7f5621ae6c14ed0c74dfca2765f754e65153700999e3852acd
Size

155KB
MD5

e31d0ce862e05f7d42d224a20e8cd872
SHA1

9ae15ba88707a911f19166b6b3ebe2256945adab
SHA256

49b9e7a229342a7f5621ae6c14ed0c74dfca2765f754e65153700999e3852acd
SHA512

7a05db7d370b8c0db5bc3792d9df3bd2f641e770239c38e511270c00993b45156e8da4e86c3c2fb7b30854befcd4cc604aa3144c22cf22eb9b5f0d42e8e9b75e
SSDEEP

3072:oDBH9p/3K+AEkzgXrGqJM4qd3bGjhkqsXS:29pTAEkz6rGq4Bbq2S

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49b9e7a229342a7f5621ae6c14ed0c74dfca2765f754e65153700999e3852acd

Files

49b9e7a229342a7f5621ae6c14ed0c74dfca2765f754e65153700999e3852acd
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 148KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE