f4005b869316522ffe9d400554f263fd3c62395d8ab4ecd02b8dec4f95eecb45 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4005b869316522ffe9d400554f263fd3c62395d8ab4ecd02b8dec4f95eecb45
Size

221KB
MD5

d224c92d331773604b763ff394e65e86
SHA1

59160223ee530e1d43f887f6d8982d98f9f3003f
SHA256

f4005b869316522ffe9d400554f263fd3c62395d8ab4ecd02b8dec4f95eecb45
SHA512

7ec1d60620db3ec889b231115fd9f4b9d976637263a8760051cdf74a1c69147f58522bd3c9f73dc474555a6838d497eb742faff7d4a6afeaad413faa2807f9f4
SSDEEP

3072:GgjGHOhhUkqOC3+k6I2EssDgnE9a7YmM/zYPiaXNy14Tzo60XzUoSss/X:G43hRC3Jh2Esz7Ybiia9y1XDFs/

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4005b869316522ffe9d400554f263fd3c62395d8ab4ecd02b8dec4f95eecb45

Files

f4005b869316522ffe9d400554f263fd3c62395d8ab4ecd02b8dec4f95eecb45
.exe windows:1 windows x86 arch:x86

e3721b83de2a3d1345806455433421d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

comctl32

ImageList_Add

gdi32

SaveDC

ole32

IsEqualGUID

oleaut32

VariantClear

user32

GetDC

wsock32

send

Sections

.MPRESS1
Size: 144KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE