52f98f3b056e1c5be9ecd3e5644ccfa5a00bc99449e1a8a7134a24efe5a5d16e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52f98f3b056e1c5be9ecd3e5644ccfa5a00bc99449e1a8a7134a24efe5a5d16e
Size

390KB
MD5

b47884e0ed9964f777a5413ae0f29881
SHA1

897668ee8c12179d9a26e55483bd3fbd983f7ad8
SHA256

52f98f3b056e1c5be9ecd3e5644ccfa5a00bc99449e1a8a7134a24efe5a5d16e
SHA512

ba13c51d5df36aa08084b3575a2da91d4a265cebd06cf8bb930e6613488ee996165f856ea92ef0192f5a0228f5f91f858f0d8d76f3fcef8bcb42334cfeb9c686
SSDEEP

3072:NlYwDUWyFcB9fu+JMl2uU82Ws7f9sjboPACTQembG4hWP:NlfD1Yc7GIBgbzjbfLh0

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52f98f3b056e1c5be9ecd3e5644ccfa5a00bc99449e1a8a7134a24efe5a5d16e

Files

52f98f3b056e1c5be9ecd3e5644ccfa5a00bc99449e1a8a7134a24efe5a5d16e
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 382KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE