dce2ee0622a77a360c7eb69720ee00ed624b908b2404e5772a1f2a7416dbc495 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dce2ee0622a77a360c7eb69720ee00ed624b908b2404e5772a1f2a7416dbc495
Size

25KB
MD5

9654b870dc413423475a8da6c34eb6f2
SHA1

f3e125c5552a52c3e0ece205e15fc4219cbba9c3
SHA256

dce2ee0622a77a360c7eb69720ee00ed624b908b2404e5772a1f2a7416dbc495
SHA512

578ce03c960cb316c21077abc71d4690daf0bd9ea16a40e20e3fd3730a9c0db9852dc39f8052c17c9e641ed3cd237e8816a84129320732cae8a5e176520418a3
SSDEEP

384:YVeSrFqjmO/3zfNrP1T56TYpMYUzMk9hBcecystKqhMa82c7ky414z:YFNy3B1T5CN/zoyst/Mdn414z

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dce2ee0622a77a360c7eb69720ee00ed624b908b2404e5772a1f2a7416dbc495

Files

dce2ee0622a77a360c7eb69720ee00ed624b908b2404e5772a1f2a7416dbc495
.exe windows:4 windows x86 arch:x86

31d4e32d25a8edd50bc4643514faefe0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndDialog

msvcrt

exit

Sections

.MPRESS1
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 897B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE