385809c7f14ac5c31793770a58fd335ade593fc5657633b30ca6db5ddcdca458 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

385809c7f14ac5c31793770a58fd335ade593fc5657633b30ca6db5ddcdca458
Size

223KB
MD5

31a3ddb783437ed2bdcd7bcea1c02d02
SHA1

48f59bc29639b3b750abe32496f6fe71a85e17c4
SHA256

385809c7f14ac5c31793770a58fd335ade593fc5657633b30ca6db5ddcdca458
SHA512

c664f1cf7699be25022b68246a8536f38c2942cce60751c7295cde6fce98d61912a14e73eca8224eef7e44c38967212d46d0df56e95a87aee901dd75a5967ad6
SSDEEP

1536:WNTnFw/RhJ56CdgzjtrNVYTqDLl0yB135WFA+I1sBrH3pEQDNRrhTiZGZh2BgmQ+:JR4jdNqTqHL+3phRrbhogmQ+

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
385809c7f14ac5c31793770a58fd335ade593fc5657633b30ca6db5ddcdca458

Files

385809c7f14ac5c31793770a58fd335ade593fc5657633b30ca6db5ddcdca458
.exe windows:4 windows x86 arch:x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 163KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE