1f040ef650179128e69866bf3bdc5d5877f66088cf61bcb4c6b5e9f25e0b3fce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f040ef650179128e69866bf3bdc5d5877f66088cf61bcb4c6b5e9f25e0b3fce
Size

375KB
MD5

4bb68da80d8fc2a868db89cb29fb1197
SHA1

053d6b37fec85dfcf7aff39e576aee4b1cc62483
SHA256

1f040ef650179128e69866bf3bdc5d5877f66088cf61bcb4c6b5e9f25e0b3fce
SHA512

49f15288800ebf070e50a880526a2c70c78e993a5d20646abf2cff33e236d12ee82b554662d200370f943dbadb3cba55650792875ad90ef018996d3cfea70fb4
SSDEEP

3072:aR4jdNqTqHL+3phRrbhbDnMJmKbgeVMMZC9NbcpVBSwdpslwi8MM87cJc4vcqc8K:EafYphHMdbjMMqcC8MMtjyhX9+FLw

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f040ef650179128e69866bf3bdc5d5877f66088cf61bcb4c6b5e9f25e0b3fce

Files

1f040ef650179128e69866bf3bdc5d5877f66088cf61bcb4c6b5e9f25e0b3fce
.exe windows:4 windows x86 arch:x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 163KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE