9df0a70ae0b69374e6db27b088e00eeb003c7bdcd000b747770ed945b5d66e32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9df0a70ae0b69374e6db27b088e00eeb003c7bdcd000b747770ed945b5d66e32
Size

1.5MB
MD5

f030d440cf1c8a693857362d9703f66f
SHA1

ce91fbbe8a7b8597c803dc24f80397fe59930654
SHA256

9df0a70ae0b69374e6db27b088e00eeb003c7bdcd000b747770ed945b5d66e32
SHA512

000f907099205a1ec9ab18e3254b8622829b087c17ee5a854bb6863cbbe9cac1842d47625b44a43c877fc9315e1aa0f2a4a8dde4caf7ad93182067b7264213c7
SSDEEP

6144:FJuXtXxog5E+FWPNfrf6yGEssQxNpbMceWdbjMMqcXmr8MMtjyhX9+FL:/8XNE+FuNfrSyGEssQJy03MMq/r8MMP

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9df0a70ae0b69374e6db27b088e00eeb003c7bdcd000b747770ed945b5d66e32

Files

9df0a70ae0b69374e6db27b088e00eeb003c7bdcd000b747770ed945b5d66e32
.exe windows:4 windows x86 arch:x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 170KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE