432f06fde9448159226e9340df6117c372d2e0e371d98318698d1bc169eb5785 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

432f06fde9448159226e9340df6117c372d2e0e371d98318698d1bc169eb5785
Size

40KB
MD5

de6e1b13b3feff1146472921e699d99f
SHA1

0740dfbe7cc8382918b0b8d0f2eb388c8299f1a1
SHA256

432f06fde9448159226e9340df6117c372d2e0e371d98318698d1bc169eb5785
SHA512

efe84e64128cd83733cd26c633f690c8c00816b7f3b11ba7c7701d795905e0351280e0b1edc8e1383e9715610012ef2caf42e9f03287dc5f174dc58423241983
SSDEEP

768:uv4MEc04ZzLh3VtAghWjg8qstaNC7WlH8VTrf7AshVN/OEC:uwMEcVLh3QghuGCqV8V3zhbC

Score

10^/10

Malware Config

Signatures

Detects executables packed with eXPressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_eXPressor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
432f06fde9448159226e9340df6117c372d2e0e371d98318698d1bc169eb5785

Files

432f06fde9448159226e9340df6117c372d2e0e371d98318698d1bc169eb5785
.exe windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 19KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ