9e12e4b998a436981d57ee65b90fd109c888cbc39c1b216d53cb9f80ff924cb6

General

Target

9e12e4b998a436981d57ee65b90fd109c888cbc39c1b216d53cb9f80ff924cb6
Size

115KB
MD5

bcc074e1a4ec986e13bb18512157424e
SHA1

85bc0363688da1e985572bc0217b88d924d3fe3d
SHA256

9e12e4b998a436981d57ee65b90fd109c888cbc39c1b216d53cb9f80ff924cb6
SHA512

0c66e276ae7417b41e430fdf594d575dfdeb72847f14dcce0d7ab3b01b730d2fa5f908be4448684a7b8f8d522036c1cc69d9549224c924ac875a69b7cfe4b881
SSDEEP

768:qSqGCQo7QLGCQYHyYQX8DzbZEBHaCQhi9GHT:qSkm7EabZK3QhGuT

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e12e4b998a436981d57ee65b90fd109c888cbc39c1b216d53cb9f80ff924cb6

Files

9e12e4b998a436981d57ee65b90fd109c888cbc39c1b216d53cb9f80ff924cb6
.exe windows:5 windows x86 arch:x86

731679601c856adef7f532ff8eb87d13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA

gdi32

CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps

winmm

mciSendStringA

msacm32

acmStreamOpen

kernel32

GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary

ole32

CoCreateInstance

Sections

.MPRESS1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

731679601c856adef7f532ff8eb87d13

Headers

File Characteristics

Imports

user32

gdi32

winmm

msacm32

kernel32

ole32

Sections

.MPRESS1 Size: 28KB - Virtual size: 28KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 68KB - Virtual size: 68KB

.MPRESS1
Size: 28KB - Virtual size: 28KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 68KB - Virtual size: 68KB