f9a92f0cbad9f1a4c13d0131b207a4d6d870216023da94bb6de301c99cb53f6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9a92f0cbad9f1a4c13d0131b207a4d6d870216023da94bb6de301c99cb53f6f
Size

178KB
MD5

cbf03c2ea6f6cd2f5d89886736cc245b
SHA1

87001ee4c5d47bfb056d5c5c4f3f671bdb54cb38
SHA256

f9a92f0cbad9f1a4c13d0131b207a4d6d870216023da94bb6de301c99cb53f6f
SHA512

1da47472dae15a2e301766dfaa2ba01a380cadfd67af5ee8d537663ccf34d622b7796bd17794764e5192394031dd9ed19441b3dd6e1c6d95647145d063cb4120
SSDEEP

3072:wCMiqJl3v1S4AsvdhxBz8bNk/AKItB/pL/s9hlSLUFWzS6YvQd2X:wCMzfM4vxBIO+XpDnUUzqX

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9a92f0cbad9f1a4c13d0131b207a4d6d870216023da94bb6de301c99cb53f6f

Files

f9a92f0cbad9f1a4c13d0131b207a4d6d870216023da94bb6de301c99cb53f6f
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 142KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE