3ee7c4a87509229bfaf4a4cd5935a7c613dc3c8ffdd48d2b78fbad65949d9965 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ee7c4a87509229bfaf4a4cd5935a7c613dc3c8ffdd48d2b78fbad65949d9965
Size

472KB
MD5

fc4080e850ae0a1a03e78738567a7066
SHA1

6aea348da453fa16b4cab5bef91ebb71ede11edf
SHA256

3ee7c4a87509229bfaf4a4cd5935a7c613dc3c8ffdd48d2b78fbad65949d9965
SHA512

3261e9525c4f01b7c09256fd4bd88ddb4a96c366f1faa3273953658d13985d4ec7a34623ec59f35e9a44eaf6c94385d7f4cd77807ad4980ba69b50319617386c
SSDEEP

6144:fY+32WWluqvHpVmXWEjFJRWci+WUd20rUU5EYCTvaBju4zk9O6:AnWwvHpVmXpjJIUd2cUusvalxzk9O6

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ee7c4a87509229bfaf4a4cd5935a7c613dc3c8ffdd48d2b78fbad65949d9965

Files

3ee7c4a87509229bfaf4a4cd5935a7c613dc3c8ffdd48d2b78fbad65949d9965
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 457KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE