19b8bd69bacbebedd41c0470fb3201e5512ec2a41fb11d4394fd198a8eb392b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19b8bd69bacbebedd41c0470fb3201e5512ec2a41fb11d4394fd198a8eb392b6
Size

576KB
MD5

648a342c16ac6b370f3221b141ed9d93
SHA1

2edc51d208021a02e0ad83ee17992c97fde108e9
SHA256

19b8bd69bacbebedd41c0470fb3201e5512ec2a41fb11d4394fd198a8eb392b6
SHA512

712dc61bf49732ecde2871578e057b7f7f955168f04cf71d126aad679f116f784086827796922ab05e86bad40bb946ce7bd9b578dfcfa4a84be6ad38b418f134
SSDEEP

6144:53OOCKLlcPKJEld2zJQPfuSlMHyaXXu6FQGkcC+V5R5azYBONNYJIBtFc:FOOZpUtlwX+zc7V5Rn1JY

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19b8bd69bacbebedd41c0470fb3201e5512ec2a41fb11d4394fd198a8eb392b6

Files

19b8bd69bacbebedd41c0470fb3201e5512ec2a41fb11d4394fd198a8eb392b6
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.MPRESS1
Size: 440KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE