e1f10ded9377e6e736223aa4e1628bccaa64a519fa43ccb1dacf0fbccb03e94a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1f10ded9377e6e736223aa4e1628bccaa64a519fa43ccb1dacf0fbccb03e94a
Size

1.8MB
MD5

d76080caea4938d5dcee759ebb16aec0
SHA1

822a12ef15ed59e449592d5539f5d9de6b789c89
SHA256

e1f10ded9377e6e736223aa4e1628bccaa64a519fa43ccb1dacf0fbccb03e94a
SHA512

ff244851ff7a28e17e15df69beca2c98a112ca7c3a9daf972161901b1ea62abf877cff1f92f1d2e03fd541987320b0332d728d3d4e40dbff016ebe1941ee5431
SSDEEP

49152:9FSIY1UaQ/FSIY1UaQUY1UaQ/FS8Y1UaQ4UaQ/FSlk8Y1UaQj:9FSPlYFSPlglYFSzlrYFSOzlq

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1f10ded9377e6e736223aa4e1628bccaa64a519fa43ccb1dacf0fbccb03e94a

Files

e1f10ded9377e6e736223aa4e1628bccaa64a519fa43ccb1dacf0fbccb03e94a
.exe windows:4 windows x86 arch:x86

717b2626293cd57cdcfe059b5fd6afa7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

SaveDC

ole32

OleDraw

comctl32

ImageList_Add

shell32

ShellExecuteA

comdlg32

GetSaveFileNameA

netapi32

Netbios

winmm

sndPlaySoundA

Sections

.MPRESS1
Size: 378KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE