70145fbc7f0605cbbc6ee0b7d5663b95bea10eea81521543ffcfaa1696b5d26c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70145fbc7f0605cbbc6ee0b7d5663b95bea10eea81521543ffcfaa1696b5d26c
Size

472KB
MD5

1e9cd1bffe425e34cffba0492cdd269f
SHA1

b05e18dd68e7236693efab7c1129434b325393a3
SHA256

70145fbc7f0605cbbc6ee0b7d5663b95bea10eea81521543ffcfaa1696b5d26c
SHA512

d359529117c5405f2c18c412108837699535f434a837d34557dfe130004fb79f12d1ed1a26200b59ea99d4a8a4fa114572b20e90875f7e283f1fcf147ad21186
SSDEEP

6144:cY+32WWluqvHpVmXWEjFJRWci+WUd20rUU5EYCTvaBju4zk9Ou:3nWwvHpVmXpjJIUd2cUusvalxzk9Ou

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70145fbc7f0605cbbc6ee0b7d5663b95bea10eea81521543ffcfaa1696b5d26c

Files

70145fbc7f0605cbbc6ee0b7d5663b95bea10eea81521543ffcfaa1696b5d26c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 457KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE