aa50c1ad65e1c0e315f8a2fba3f07b9e9928e9474d8e23f925bc04a37d37e85d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa50c1ad65e1c0e315f8a2fba3f07b9e9928e9474d8e23f925bc04a37d37e85d
Size

124KB
MD5

bdfbb03725e87bd31465b64fe3bf3807
SHA1

ba4bb1412dd6dbe60164ba3ca45ce7ff4dc94b84
SHA256

aa50c1ad65e1c0e315f8a2fba3f07b9e9928e9474d8e23f925bc04a37d37e85d
SHA512

ccc73000bd463a21bbc6a39597f849092abff6246ffef74cbf519a6014943f9f8a6d6d28169fdf66c1ea3592b99ea22c7634b1580b1ea6800b5ed07d2be3ef79
SSDEEP

3072:Dq8f/oic1i9uTAlPQSDwEyWefHEvGdxETCpPJ:u8f/U1iF/sUGdxET

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa50c1ad65e1c0e315f8a2fba3f07b9e9928e9474d8e23f925bc04a37d37e85d

Files

aa50c1ad65e1c0e315f8a2fba3f07b9e9928e9474d8e23f925bc04a37d37e85d
.exe windows:5 windows x86 arch:x86

ac92baf84ed1ae1c5f0fb7d23652858d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

SetTimer

shell32

ShellExecuteExW

ole32

CoInitializeEx

psapi

GetModuleBaseNameW

shlwapi

StrStrNIW

ntdll

memset

advapi32

RegFlushKey

msvcrt

__DestructExceptionObject

Sections

.didata
Size: 119KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE