2008dafbc98ec3b1a9c726c2ecb4e9383d72dad51e50e236a8e5f5517e602fae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2008dafbc98ec3b1a9c726c2ecb4e9383d72dad51e50e236a8e5f5517e602fae
Size

4.7MB
MD5

db30bd5aa5013437e1b3809d0d91e457
SHA1

38e09feacda9b2a1ca9f75f65cd7c3e57ecde428
SHA256

2008dafbc98ec3b1a9c726c2ecb4e9383d72dad51e50e236a8e5f5517e602fae
SHA512

42e94bc1d98ac1e5f0fb08f8a7c2f48e02fe9ad94b523a2fa23b16c139e11992d0559fcf8e35364f4cfb66e698be9b4a17e8e4a95207ff93cb3542bb985a4c34
SSDEEP

98304:+2peWinpzB6ErbzI9/TdOYcwsqz8BdZVwOlgJoAQDYkrcb45zby4ObNmFzNOjdUZ:+2peWin5Bnr4RTDcwsqyjVNAaYkrXtWf

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2008dafbc98ec3b1a9c726c2ecb4e9383d72dad51e50e236a8e5f5517e602fae

Files

2008dafbc98ec3b1a9c726c2ecb4e9383d72dad51e50e236a8e5f5517e602fae
.exe windows:4 windows x86 arch:x86

352076988d721cb1582ca7ada28f5c79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

PatBlt

winmm

waveOutOpen

winspool.drv

ClosePrinter

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

OleRun

oleaut32

VariantCopyInd

comctl32

ord17

ws2_32

ioctlsocket

comdlg32

ChooseColorA

Sections

.MPRESS1
Size: 4.6MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE