3d01d9ec2bbfbb66eae894ec515b0a11f024b20925148ee3d135ee07dcea0aff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d01d9ec2bbfbb66eae894ec515b0a11f024b20925148ee3d135ee07dcea0aff
Size

360KB
MD5

860ee70c5b242e2670418e5a9a20cb22
SHA1

98b60ab8c653dcb876fd808d8e25d22a07bcdaa5
SHA256

3d01d9ec2bbfbb66eae894ec515b0a11f024b20925148ee3d135ee07dcea0aff
SHA512

465c0abf49f34aa4ecc8414fcdf6c09fa1ffe418d3bde24889b7a6370abf35ec11bdeadf7262c2d62aa7d80b966b198fe1622339f1c700ecf393911d39542864
SSDEEP

6144:9JuXtXxog5E+FWPNfrf6yGEssQxNpbMcNs6+X7jINs6+X7j:38XNE+FuNfrSyGEssQJ66+X/l6+X/

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d01d9ec2bbfbb66eae894ec515b0a11f024b20925148ee3d135ee07dcea0aff

Files

3d01d9ec2bbfbb66eae894ec515b0a11f024b20925148ee3d135ee07dcea0aff
.exe windows:4 windows x86 arch:x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 170KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE