e8f2bdfee84e9ea033b8a4f739ff5c16adf90590553757a5d07499b6de0134b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e8f2bdfee84e9ea033b8a4f739ff5c16adf90590553757a5d07499b6de0134b8
Size

1.5MB
MD5

bd9f6c022c456bb67e99ee59ebdbb327
SHA1

5ccb262d168038a5605afbcd196e99757a7861fb
SHA256

e8f2bdfee84e9ea033b8a4f739ff5c16adf90590553757a5d07499b6de0134b8
SHA512

64963fcab12178aa8c166532dc857e049b2223d0dffee475a1b1fc5602f45a6cb10f136bb4203edc2a8f28f1192ea3071bf38687b74549bd52a16eb1c0aba4b3
SSDEEP

3072:ZR4jdNqTqHL+3phRrbhsEExMusExvQF4ExM0ExMt:HafYphYq

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8f2bdfee84e9ea033b8a4f739ff5c16adf90590553757a5d07499b6de0134b8

Files

e8f2bdfee84e9ea033b8a4f739ff5c16adf90590553757a5d07499b6de0134b8
.exe windows:4 windows x86 arch:x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 163KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE