49e693dd070d940a296b551725ac512f797e752e584bd96f09c5a2c2946c808b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49e693dd070d940a296b551725ac512f797e752e584bd96f09c5a2c2946c808b
Size

894KB
MD5

f60447e155224ccc8d62212f134b64b9
SHA1

15b72492fb314e79fa1c36d28fd5f4825993e692
SHA256

49e693dd070d940a296b551725ac512f797e752e584bd96f09c5a2c2946c808b
SHA512

d2d4de01690a194e104a7d461289c2ed82b0309ecfc4becfb2efd33a563c72c8b0accd66478b7cd4b17d0c623a84adedc333e742dd474bcf14afe973e0390d38
SSDEEP

24576:IjiMkuEozwNTELveNi3vUhDop2P5eUFoR1:IjikEoKADeNi38uSIIoR1

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49e693dd070d940a296b551725ac512f797e752e584bd96f09c5a2c2946c808b

Files

49e693dd070d940a296b551725ac512f797e752e584bd96f09c5a2c2946c808b
.exe windows:4 windows x86 arch:x86

589d48ed984f9485ea294725b3e3f1f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

MessageBoxA

advapi32

RegFlushKey

oleaut32

SafeArrayCreate

Sections

.MPRESS1
Size: 282KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE