c00dfd107fff396397a1038bf55681d98e6233e2e7ca916af342fcb3cebb1369 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c00dfd107fff396397a1038bf55681d98e6233e2e7ca916af342fcb3cebb1369
Size

124KB
MD5

2226310263ebbe58a05588fe02f5fe54
SHA1

6ea11e387b4605e0da397ca58a4469044930499a
SHA256

c00dfd107fff396397a1038bf55681d98e6233e2e7ca916af342fcb3cebb1369
SHA512

2c05126135028bb4fa298538217fc03a1670495ff09352e41bd27c02ec9cf5a2b8d3f7603efc6523604e1c864471b41ba22be5ed96efdc92013babd6bebcb497
SSDEEP

384:tKX/YpauYp2Mq5S5GBpk/1S18EZUS0UxlSN7hAxIT0puKZFlmjYrNQjsf:IcWYr8k24N0UxhaT0puKZFQjVq

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c00dfd107fff396397a1038bf55681d98e6233e2e7ca916af342fcb3cebb1369

Files

c00dfd107fff396397a1038bf55681d98e6233e2e7ca916af342fcb3cebb1369
.exe windows:5 windows x86 arch:x86

e836076a09dba03e4d6faa46dda0fefc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wininet

HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
HttpOpenRequestW
HttpQueryInfoW
InternetReadFile
InternetConnectW
InternetOpenW

kernel32

GetTempPathW
GetFileSize
GetCurrentDirectoryW
DeleteFileW
CloseHandle
WriteFile
lstrcmpW
ReadFile
GetModuleHandleW
ExitProcess
HeapCreate
HeapAlloc
GetModuleFileNameW
CreateFileW
lstrlenW

user32

wsprintfW

shell32

ShellExecuteW

Sections

.MPRESS1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE