fa55425aa607255f146f2a578a50ff3cb1603d36d0b40f8edb37749c7d9b3dbd | Triage

Sharing

General

Target

fa55425aa607255f146f2a578a50ff3cb1603d36d0b40f8edb37749c7d9b3dbd
Size

203KB
MD5

4348a584a4ac4793e4eb3f09a101e348
SHA1

863f92f4761d9db225849cf8a4f0feb852475a3d
SHA256

fa55425aa607255f146f2a578a50ff3cb1603d36d0b40f8edb37749c7d9b3dbd
SHA512

1a56a792d474c1a427ac0f663e1589edf75af13e1ff5e4a43f503d83bd260fccadb505ea2516cd00cf8d7134cfbdcb1845205a65db20f525d06afa8f24d1a757
SSDEEP

3072:hXZhjXKappnWS6RRu8Q7Dxk1mP3f5OVg2d6Bn8eEH:hJh2afnFp847P3t2d6Bn8eEH

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa55425aa607255f146f2a578a50ff3cb1603d36d0b40f8edb37749c7d9b3dbd

Files

fa55425aa607255f146f2a578a50ff3cb1603d36d0b40f8edb37749c7d9b3dbd
.exe windows:5 windows x86 arch:x86

1f203e4dd7afaa9f052b96a5906b3d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndPaint

gdi32

BitBlt

advapi32

OpenProcessToken

shell32

ShellExecuteW

ws2_32

WSAStartup

Sections

.MPRESS1
Size: 151KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE