569f554ce8a3002d66c40cc127cde46fe79b95b17a55a99be6dbc22362655ea7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

569f554ce8a3002d66c40cc127cde46fe79b95b17a55a99be6dbc22362655ea7
Size

148KB
MD5

9ab735a25287ef78be254d50d28ac8ac
SHA1

c41a44525d5511409712807a4f1f9639474570ad
SHA256

569f554ce8a3002d66c40cc127cde46fe79b95b17a55a99be6dbc22362655ea7
SHA512

960fa64c60fca3cf24b1bdc6424f9b2e1dabe5789f5d626a01377b28633c88ee543a74ead13955f7b2d22e5de73d79df801eab53adf132dccfeb7123bbe304af
SSDEEP

3072:2CMiqJl3v1S4AsvdhxBz8bNk/AKItB/pL/s9hlSLUFWzM:2CMzfM4vxBIO+XpDnUUzM

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
569f554ce8a3002d66c40cc127cde46fe79b95b17a55a99be6dbc22362655ea7

Files

569f554ce8a3002d66c40cc127cde46fe79b95b17a55a99be6dbc22362655ea7
.exe windows:1 windows x86 arch:x86

42db3a9eec38e38518b0e27d21bdf33d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind
GetStartupInfoA
lstrlenA
LoadLibraryA
GetModuleHandleA
GetProcAddress

crtdll

__GetMainArgs
exit
raise
signal

user32

GetDlgItemInt
SetTimer
KillTimer
LoadIconA
ShowWindow
LoadStringA
SendMessageA
GetDlgItem
wsprintfA
MessageBoxA
ReleaseDC
GetDC
GetSystemMetrics
InvalidateRect
EndPaint
BeginPaint
LoadCursorA
PostMessageA
PostQuitMessage
DialogBoxParamA
EndDialog
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.MPRESS1
Size: 142KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SCY
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE