c579eda63e0d82a0e8864e6cffcade6e96468df42548f8fb136482887137fa0d

Sharing

Copy URL Twitter E-mail

General

Target

c579eda63e0d82a0e8864e6cffcade6e96468df42548f8fb136482887137fa0d
Size

5.7MB
MD5

5a91e50843ece4abcfe21e1d1efa26d7
SHA1

a8fd27ae6cde0bc701529dcf1e6e99fc8a5f81e3
SHA256

c579eda63e0d82a0e8864e6cffcade6e96468df42548f8fb136482887137fa0d
SHA512

c855450ddb2e9f9c529c6c2a834089f7814d212de8c6fe37387a034e16bfb42d297002f8ae0d6a1f1687fb3b13ae5b5eee4d577f94670c0ff733cc46f3a93d44
SSDEEP

98304:oRi11Khs7CF4eSDgQsEgCtQYVGWvJkZrs//dZOGDeANfclHVEZuUTSQjVkFme6/B:oEmhACF4enqtQYYUeRsndZD/clHV8uKx

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c579eda63e0d82a0e8864e6cffcade6e96468df42548f8fb136482887137fa0d

Files

c579eda63e0d82a0e8864e6cffcade6e96468df42548f8fb136482887137fa0d
.exe windows:5 windows x86 arch:x86

a0010f9a44f8bab2b514911355945c90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

MultiByteToWideChar
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

atl

ord47

gdi32

DeleteDC

gdiplus

GdipDrawRectangle

msimg32

TransparentBlt

msvcrt

strncmp

ole32

CreateStreamOnHGlobal

oleaut32

SysAllocString

shell32

DragAcceptFiles

shlwapi

PathFileExistsA

user32

AppendMenuA
CharUpperBuffW

wininet

HttpQueryInfoA

Sections

.MPRESS1
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.htext
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4)`
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wv5
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Oi5
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0010f9a44f8bab2b514911355945c90

Headers

File Characteristics

Imports

kernel32

atl

gdi32

gdiplus

msimg32

msvcrt

ole32

oleaut32

shell32

shlwapi

user32

wininet

Sections

.MPRESS1 Size: - Virtual size: 576KB

.MPRESS2 Size: - Virtual size: 4KB

.imports Size: - Virtual size: 4KB

.htext Size: - Virtual size: 8KB

.4)` Size: - Virtual size: 3.1MB

.wv5 Size: 2KB - Virtual size: 1KB

.Oi5 Size: 5.7MB - Virtual size: 5.7MB

.MPRESS1
Size: - Virtual size: 576KB

.MPRESS2
Size: - Virtual size: 4KB

.imports
Size: - Virtual size: 4KB

.htext
Size: - Virtual size: 8KB

.4)`
Size: - Virtual size: 3.1MB

.wv5
Size: 2KB - Virtual size: 1KB

.Oi5
Size: 5.7MB - Virtual size: 5.7MB