f52e5533384c3590870745aad0f16bec997702226f1f6889ab3977b5f19513d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f52e5533384c3590870745aad0f16bec997702226f1f6889ab3977b5f19513d1
Size

148KB
MD5

7032dc06ea7e5e3fb47eba4930a43591
SHA1

d30622e8a70a9e8fb284d47df8ec68443b8799c9
SHA256

f52e5533384c3590870745aad0f16bec997702226f1f6889ab3977b5f19513d1
SHA512

5d9a80f5b3a39489f2311045202ec5e4d4bf6eda2b23976e2fcfccde6a1c1852bafee5e0826443194ddbe26e625e1947e8fa141588565876db56fda20b9c4776
SSDEEP

3072:2CMiqJl3v1S4AsvdhxBz8bNk/AKItB/pL/s9hlSLUFWzf:2CMzfM4vxBIO+XpDnUUzf

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f52e5533384c3590870745aad0f16bec997702226f1f6889ab3977b5f19513d1

Files

f52e5533384c3590870745aad0f16bec997702226f1f6889ab3977b5f19513d1
.exe windows:1 windows x86 arch:x86

42db3a9eec38e38518b0e27d21bdf33d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind
GetStartupInfoA
lstrlenA
LoadLibraryA
GetModuleHandleA
GetProcAddress

crtdll

__GetMainArgs
exit
raise
signal

user32

GetDlgItemInt
SetTimer
KillTimer
LoadIconA
ShowWindow
LoadStringA
SendMessageA
GetDlgItem
wsprintfA
MessageBoxA
ReleaseDC
GetDC
GetSystemMetrics
InvalidateRect
EndPaint
BeginPaint
LoadCursorA
PostMessageA
PostQuitMessage
DialogBoxParamA
EndDialog
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.MPRESS1
Size: 142KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SCY
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE