Behavioral task
behavioral1
Sample
8093923e01c99fa25321b44e1de4ffe2d07503913acd7ea24276273ae92bd793.exe
Resource
win7-20240221-en
General
Target
8093923e01c99fa25321b44e1de4ffe2d07503913acd7ea24276273ae92bd793
Size
453KB
MD5
21b9b58fa2aa01359b6d84e2b402ea66
SHA1
486d4169c82b0574e3c8d65c67dd123d539f67ed
SHA256
8093923e01c99fa25321b44e1de4ffe2d07503913acd7ea24276273ae92bd793
SHA512
d2fe91817f56f74453d00d0eb4d49e4cca22960a51d7d9eaa2d59cb660e4b0207c429e53505a9630f7fb58a6cebc92b827b0f5727fcf65e5ae8d3dd5c9477468
SSDEEP
6144:Z8efQ6QPJGcLbjg0YSZK4UnUHOkb8734A2P6gt99Wvtxrpp29xSE3v/:c6QPJGcE0XKRg04zPZt9mtPON/
Malware Config
Signatures
Detects executables built or packed with MPress PE compressor (1 IoCs)
resource: sample, yara_rule: INDICATOR_EXE_Packed_MPress
Urelas family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 8093923e01c99fa25321b44e1de4ffe2d07503913acd7ea24276273ae92bd793
Files
8093923e01c99fa25321b44e1de4ffe2d07503913acd7ea24276273ae92bd793.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.MPRESS1 Size: 395KB - Virtual size: 404KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 47KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE