7d60366923a28ad97a728162276f55038aed73a454d0838e6a8d8daebdeb0172 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d60366923a28ad97a728162276f55038aed73a454d0838e6a8d8daebdeb0172
Size

280KB
MD5

9a1e96453e110dafcf3fffe2f54fa559
SHA1

0d0e967df5ff46633bba2557b42911fbd634c990
SHA256

7d60366923a28ad97a728162276f55038aed73a454d0838e6a8d8daebdeb0172
SHA512

1e146e8aaca971f9f06e010804a2c391b367167fb99019cf29ec48ee7adfcf9daa7f488cee8e2d0a85f28a5cbcb270d6cec3e359f3721fea727cd5b387f8f033
SSDEEP

3072:N25/vI3Dbc2N37nn7HOY49ip57nhOkkJRiNhvbQIk:m/vQbDTnz5rtOkkCNpQP

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d60366923a28ad97a728162276f55038aed73a454d0838e6a8d8daebdeb0172

Files

7d60366923a28ad97a728162276f55038aed73a454d0838e6a8d8daebdeb0172
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 271KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE