0aa137bdc8349f20e64e06aa1bbeb5658bcad245d67320f2d316f8ecd7f87d69 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0aa137bdc8349f20e64e06aa1bbeb5658bcad245d67320f2d316f8ecd7f87d69
Size

190KB
MD5

583c7637c63e263934cf896320f2761c
SHA1

64a5dd0978a388b63586e06620fa7e34625fa539
SHA256

0aa137bdc8349f20e64e06aa1bbeb5658bcad245d67320f2d316f8ecd7f87d69
SHA512

1ca4e727638e59479fcf792f68847585710424a7a2dab98b6aabf8424d34ae7fdd30dede68d3b4644125fed183f1212e7bdd828b0b4b21a09e9253250c51e379
SSDEEP

3072:aJLkeg9pVM1orjoB+EgZrurc1qVel1/SB85CaHBtx3GOen648FsdbG:yLo3VMUjD1/woj/SB85CaHBP9enuudG

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0aa137bdc8349f20e64e06aa1bbeb5658bcad245d67320f2d316f8ecd7f87d69

Files

0aa137bdc8349f20e64e06aa1bbeb5658bcad245d67320f2d316f8ecd7f87d69
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 180KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE