e2b1a739c3e53a119f15c65b6dc796cfcdfaeaa0a155d409bdbe735608014416 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2b1a739c3e53a119f15c65b6dc796cfcdfaeaa0a155d409bdbe735608014416
Size

847KB
MD5

6936eaf8b6ad7feeaf850f0d10ade2f2
SHA1

ae920954fb162a8ede5b7bdb2e217029cce684ee
SHA256

e2b1a739c3e53a119f15c65b6dc796cfcdfaeaa0a155d409bdbe735608014416
SHA512

5f6f1ed4c7950e3acb755ed06d920ddbbf54b7b99cd6e22fc61442db18247b63144739703f9ead75a6745603181b7c184095081b4719d176288cb93b804ffc48
SSDEEP

12288:J7bhRf0tOiw9qLN3VCtzddjz+A5YR2YtojMG92D1yrmDAYefn9183vxRTNLNnJnd:J7bPfKoILLaf+R2gJyKe/9G3nBPRAIfv

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2b1a739c3e53a119f15c65b6dc796cfcdfaeaa0a155d409bdbe735608014416

Files

e2b1a739c3e53a119f15c65b6dc796cfcdfaeaa0a155d409bdbe735608014416
.exe windows:4 windows x86 arch:x86

f7d7aebc53da63d60a50b5993b57877a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

wsock32

send

Sections

.MPRESS1
Size: 32KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE