4d879828c41d40594977cdf5a862da7a1e434c59c3dd44a49838c1911c6f371b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d879828c41d40594977cdf5a862da7a1e434c59c3dd44a49838c1911c6f371b
Size

2.3MB
MD5

a9082419d6bec2f073ff527e978aa519
SHA1

a6079742df54430f468ef51464c4d4bb66f8a0ae
SHA256

4d879828c41d40594977cdf5a862da7a1e434c59c3dd44a49838c1911c6f371b
SHA512

610a59bc214cf67dc3836effccd40787214f0b2e34e67b6e32dab8f3c0d2bb45558eb5b43a25662456615eecd5c09dd4a21d44cbb43fa89be0a9f0d9b3df80a8
SSDEEP

49152:l46qaa9URj3TT4Ty9VSFvpsZsMXp+oTdJlBQD08SWp/P+PmdneL2:l46HsURM2V0sZs2+WPbQXSWp/2eNeL2

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d879828c41d40594977cdf5a862da7a1e434c59c3dd44a49838c1911c6f371b

Files

4d879828c41d40594977cdf5a862da7a1e434c59c3dd44a49838c1911c6f371b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.MPRESS1
Size: 578KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE