f3c9b1a2ec323c053f4e7b8b155f384c5c576cfeea07ff8380e9d6fc27e8b228 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f3c9b1a2ec323c053f4e7b8b155f384c5c576cfeea07ff8380e9d6fc27e8b228
Size

52KB
MD5

27b268f9774d88bbdb86b244009caf2b
SHA1

14b44731c224460c17408d23263db99a94d78c22
SHA256

f3c9b1a2ec323c053f4e7b8b155f384c5c576cfeea07ff8380e9d6fc27e8b228
SHA512

4e999647b160227aed125e0d207eedf1358de24557c4c7cccd206325f8de7e84657465d0173187deca091dc9090e122350007687fc0d91c5393908f588734ff9
SSDEEP

768:Uv4MEc04ZzLh3VtAghWjg8qstaNC7WlH8VTrf7AshVN/OEu:UwMEcVLh3QghuGCqV8V3zhbu

Score

10^/10

Malware Config

Signatures

Detects executables packed with eXPressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_eXPressor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3c9b1a2ec323c053f4e7b8b155f384c5c576cfeea07ff8380e9d6fc27e8b228

Files

f3c9b1a2ec323c053f4e7b8b155f384c5c576cfeea07ff8380e9d6fc27e8b228
.exe windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 19KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ