47dbef16bf7b97ec9eae86063b3dfffbe49cc7ef5ce09481388b21919056fdba

General

Target

47dbef16bf7b97ec9eae86063b3dfffbe49cc7ef5ce09481388b21919056fdba
Size

35KB
MD5

73b0909c8c43e85d6aee2af9bfc35b02
SHA1

b32d1b89a06f7aed23afb0fa31c314386c7fe6c9
SHA256

47dbef16bf7b97ec9eae86063b3dfffbe49cc7ef5ce09481388b21919056fdba
SHA512

53dadd1fef46d5f12124acdc6302a000b4786ced33c41c98e81c56d5f347c1047f4fefdcfc893d8d3bdd5c6e433188b9b2cdbf9f43b75f4e840f7d3f860ba34a
SSDEEP

768:WfirwGxYoTm816hrAmlMZtMtA40hf7DMyRiy:si/Q/lMAtANl

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47dbef16bf7b97ec9eae86063b3dfffbe49cc7ef5ce09481388b21919056fdba

Files

47dbef16bf7b97ec9eae86063b3dfffbe49cc7ef5ce09481388b21919056fdba
.dll windows:4 windows x86 arch:x86

e23b2990e58346a0a026310d32a82b0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceA
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
GetLastError
CreateMutexA
lstrcmpiA
GetModuleFileNameA
WaitForSingleObject
GetTickCount
GetLogicalDrives
FindClose
FindNextFileA
SetFileAttributesA
CopyFileA
GetFileAttributesA
FindFirstFileA
lstrcpyA
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
FreeLibrary
SetEvent
CreateEventA
DisableThreadLibraryCalls
LoadLibraryA
lstrcatA
GetSystemDirectoryA

shell32

ord64

shlwapi

PathFindExtensionA
PathAppendA
PathFindFileNameA

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e23b2990e58346a0a026310d32a82b0a

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 700B

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 1024B - Virtual size: 522B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 700B

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 1024B - Virtual size: 522B