b33bfa3fac34003de0b3e535be007b57e36dace0155eafb620191f0af62b131f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b33bfa3fac34003de0b3e535be007b57e36dace0155eafb620191f0af62b131f
Size

103KB
MD5

ea7021d807c074c2248d37d65527dadf
SHA1

84062b91135803faded4892d938df04167dff896
SHA256

b33bfa3fac34003de0b3e535be007b57e36dace0155eafb620191f0af62b131f
SHA512

37e678d2fee88723676ffc5669057829c2fdc049c6760114f840ed5ab4341d874fbd650f66ca6f65c5ed6d37b25b89bba8c3fbdd3b823f6b1969b9b08f7382f0
SSDEEP

768:v/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqAJi+vtU6Aw7DyQ1TTGfjUWXU:vRsvcdcQjosnvoc6A1Q1co

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b33bfa3fac34003de0b3e535be007b57e36dace0155eafb620191f0af62b131f

Files

b33bfa3fac34003de0b3e535be007b57e36dace0155eafb620191f0af62b131f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 72KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE