00d4c75238a43ab88e3035df035c0855782fba9ad676b81c980e6816f7c6e163 | Triage

Sharing

General

Target

00d4c75238a43ab88e3035df035c0855782fba9ad676b81c980e6816f7c6e163
Size

134KB
MD5

8a6eb9e6d0d89251d6ea26e5c02a9ca8
SHA1

f844bf9ea8a3d1ce41d889300c13926aa0d363cb
SHA256

00d4c75238a43ab88e3035df035c0855782fba9ad676b81c980e6816f7c6e163
SHA512

b88df87f128761329fd0ab87268762f12948d14d0a66f3c059a400e51cc7329e8670d4e69110e4d07241906294d00d8f92270abe0db2b39bf92d0e53aa0737f8
SSDEEP

1536:nDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7M:DiRTeH0NqAW6J6f1tqF6dngNmaZC7M

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00d4c75238a43ab88e3035df035c0855782fba9ad676b81c980e6816f7c6e163

Files

00d4c75238a43ab88e3035df035c0855782fba9ad676b81c980e6816f7c6e163
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE