0b2cb3294e43671075eb8474fbbe1b471199507e1967d7c58ebe2a37c9d1149e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b2cb3294e43671075eb8474fbbe1b471199507e1967d7c58ebe2a37c9d1149e
Size

91KB
MD5

3d6ed0d4e38c6c23e98719b0c657f471
SHA1

34d3a26d6050bfc4c1a09b51fc6b8963076899f0
SHA256

0b2cb3294e43671075eb8474fbbe1b471199507e1967d7c58ebe2a37c9d1149e
SHA512

5db49f23c94c951eb79a2fb9c57df94ed9651e95ae8b1927b3c0608ac344693958bec8cb66e063d478823da6181ca97661db8f90c6114a27fecec18e2df3a3a3
SSDEEP

1536:zAwEmBZ04faWmtN4nic+6GmAwEmBZ04faWmtN4nic+6GL:zGms4Eton0mGms4Eton0L

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b2cb3294e43671075eb8474fbbe1b471199507e1967d7c58ebe2a37c9d1149e

Files

0b2cb3294e43671075eb8474fbbe1b471199507e1967d7c58ebe2a37c9d1149e
.exe windows:4 windows x86 arch:x86

b876114877b29a61f9955d83081f159a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvbvm60

ord516

Sections

.MPRESS1
Size: 28KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE