5037fd694ff398578c328ab00e96b742eaefc307b34e4b9b8684eed7e429b3f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5037fd694ff398578c328ab00e96b742eaefc307b34e4b9b8684eed7e429b3f3
Size

134KB
MD5

882a4441cffdd2e39afac846bc716180
SHA1

8b9ef678e57533b6858d1630f37e6949290db8d8
SHA256

5037fd694ff398578c328ab00e96b742eaefc307b34e4b9b8684eed7e429b3f3
SHA512

809b1ac3190396e3963f62d090b6834583c6515ae2cd81da5eaf3fc677290c63a597fa1f61abab0b3dfeb85117c8244873eb7af602df6211f301f0d45e0446d2
SSDEEP

1536:8DfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:iiRTeH0iqAW6J6f1tqF6dngNmaZCia

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5037fd694ff398578c328ab00e96b742eaefc307b34e4b9b8684eed7e429b3f3

Files

5037fd694ff398578c328ab00e96b742eaefc307b34e4b9b8684eed7e429b3f3
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE