40cd90feea9b35d138b78aa98c39e86d6aed424ad90963f6ee02749de63432c3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

40cd90feea9b35d138b78aa98c39e86d6aed424ad90963f6ee02749de63432c3.exe
Size

363KB
MD5

98978c705e7a64b2d3fffa565892ddab
SHA1

b6985aaf3ac01a8742f2d0dcf3d8c0db12752e3f
SHA256

40cd90feea9b35d138b78aa98c39e86d6aed424ad90963f6ee02749de63432c3
SHA512

87984a0d2b3a5e31b00e590928aafcbb9721d3a5a820fbb936673ad753e960d64e05a09c7db9fbd62bceea3dcf1c6b8eb95456c6005db75af4eb2e1dccafa92a
SSDEEP

6144:YjSQqWg/8GzhvLKjotsaGc3vIQEup/ZQUi6i3yRmljf82Q7diEeB:YjSQ9g8GzhvuMJIQPpS/vyBb7LeB

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Files

40cd90feea9b35d138b78aa98c39e86d6aed424ad90963f6ee02749de63432c3.exe
.exe windows:5 windows x86 arch:x86

1343ca50d234527bf272645d6db0664b

Code Sign

3c:27:30:3a:6d:1f:01:b1:4c:28:10:4a:b9:1c:12:e8
Certificate

Issuer

CN=Haims_ESC GangPung CA

Not Before

27/03/2023, 01:12

Not After

31/12/2039, 23:59

Subject

CN=Haims_ESC GangPung CA

8e:73:05:8e:29:0e:36:c0:f9:7d:9e:f6:23:f8:e2:c0:f3:e0:fb:7c
Signer

Actual PE Digest

8e:73:05:8e:29:0e:36:c0:f9:7d:9e:f6:23:f8:e2:c0:f3:e0:fb:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

WSACleanup

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetOpenFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

OleLoadPicture

Sections

.MPRESS1
Size: 334KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1343ca50d234527bf272645d6db0664b

Code Sign

3c:27:30:3a:6d:1f:01:b1:4c:28:10:4a:b9:1c:12:e8Certificate

8e:73:05:8e:29:0e:36:c0:f9:7d:9e:f6:23:f8:e2:c0:f3:e0:fb:7cSigner

Headers

File Characteristics

Imports

kernel32

wsock32

winmm

version

comctl32

psapi

wininet

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 334KB - Virtual size: 912KB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 23KB - Virtual size: 22KB

3c:27:30:3a:6d:1f:01:b1:4c:28:10:4a:b9:1c:12:e8
Certificate

8e:73:05:8e:29:0e:36:c0:f9:7d:9e:f6:23:f8:e2:c0:f3:e0:fb:7c
Signer

.MPRESS1
Size: 334KB - Virtual size: 912KB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 23KB - Virtual size: 22KB