urelas | 7266a057dd8be85da257f9f848990cb42347d0e0aa113af0e55ca1ee688c8554 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7266a057dd8be85da257f9f848990cb42347d0e0aa113af0e55ca1ee688c8554
Size

454KB
MD5

95b94a804da89713cd291706330ab7e5
SHA1

2673548cd418768899418cd4371c28483ad06971
SHA256

7266a057dd8be85da257f9f848990cb42347d0e0aa113af0e55ca1ee688c8554
SHA512

52a9e10f955566a6e47f6f68af9801c7b39e814017edb9299091a83de2de62dbe43f2afc98e010a6c223ab9384c5e4b77ebb0acac3b52f89d94ffa2fc6a54af7
SSDEEP

6144:Z8efQ6QPJGcLbjg0YSZK4UnUHOkb8734A2P6gt99Wvtxrpp29xSE3vr:c6QPJGcE0XKRg04zPZt9mtPONr

Score

10^/10

urelas

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7266a057dd8be85da257f9f848990cb42347d0e0aa113af0e55ca1ee688c8554

Files

7266a057dd8be85da257f9f848990cb42347d0e0aa113af0e55ca1ee688c8554
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 395KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE