05fd0ed42cd94add30abdf00cec4f6de02c83ecb2504f46d4d1aefd05f6ec57b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05fd0ed42cd94add30abdf00cec4f6de02c83ecb2504f46d4d1aefd05f6ec57b
Size

41KB
MD5

d4c9d7a91ee5308ef6a57cbbc24b9fca
SHA1

e3672b0243dc2c1388bd942c5e4daf4e8e0c7a16
SHA256

05fd0ed42cd94add30abdf00cec4f6de02c83ecb2504f46d4d1aefd05f6ec57b
SHA512

0d04a2d60154b40ee92e3a5b5f3f17874af8c2f9ca477157da4e1f6cefc95f1a1c61999e1f8a707adbedb8e56d1dca3c16928d299690c7a55b5d5a8d6b29ca18
SSDEEP

768:xIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77DPQ1TTGfGYhn:xI0OGrOy6NvSpMZrQ1J+

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05fd0ed42cd94add30abdf00cec4f6de02c83ecb2504f46d4d1aefd05f6ec57b

Files

05fd0ed42cd94add30abdf00cec4f6de02c83ecb2504f46d4d1aefd05f6ec57b
.exe windows:4 windows x86 arch:x86

79b3362178937bf9559741c46bb9e035

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.MPRESS1
Size: 19KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE