a4cc6dd1267e4442fa79c076a10f04696f4fcc3722df86d84df37731bcf46d82 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4cc6dd1267e4442fa79c076a10f04696f4fcc3722df86d84df37731bcf46d82
Size

3.3MB
MD5

e02c56e8b6989e1bce46a2a80e1c6065
SHA1

be21739aba49f471f98f3b28df07d449b7db9784
SHA256

a4cc6dd1267e4442fa79c076a10f04696f4fcc3722df86d84df37731bcf46d82
SHA512

fae0002995b44137f2ed6ae7060ce1048407880f336df538788ebc261888bfda543aa55666327bf363ac20833dbd94586b989e091d360a41cbad065b32f107e1
SSDEEP

49152:IjikEoKADeNoOoVrYgSfSodHHKjWD8/o6eiddQ0LrEhnPfSpNh9lCbrMhQKBQz/S:EEqOoVraKj3omp/EhPapNp0MhQKBQzK

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4cc6dd1267e4442fa79c076a10f04696f4fcc3722df86d84df37731bcf46d82

Files

a4cc6dd1267e4442fa79c076a10f04696f4fcc3722df86d84df37731bcf46d82
.exe windows:4 windows x86 arch:x86

589d48ed984f9485ea294725b3e3f1f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

MessageBoxA

advapi32

RegFlushKey

oleaut32

SafeArrayCreate

Sections

.MPRESS1
Size: 282KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE