0a066fa620a64bcec1213e7ada9f14967c99885d3e34d2bbc55c50d94ea88e70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a066fa620a64bcec1213e7ada9f14967c99885d3e34d2bbc55c50d94ea88e70
Size

242KB
MD5

7286f777bebaa5cce0f925fbd1db0fd7
SHA1

f1ae1e7dd05730936102be1de9ac50c0eb990dd8
SHA256

0a066fa620a64bcec1213e7ada9f14967c99885d3e34d2bbc55c50d94ea88e70
SHA512

befbf2683059ce8deb7ba8cec7139ab4714a8a47a8170fbac8aa105550c77d99ee91a834b6c89b14a7e5974ef2d9b7d6aaf48924f1d7d3864c0e2be36549c465
SSDEEP

1536:QNTnFw/RhJ56CdgzjtrNVYTqDLl0yB135WFA+I1sBrH3pEQDNRrhTiZGZhrhjgSt:DR4jdNqTqHL+3phRrbhrRgdu

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a066fa620a64bcec1213e7ada9f14967c99885d3e34d2bbc55c50d94ea88e70

Files

0a066fa620a64bcec1213e7ada9f14967c99885d3e34d2bbc55c50d94ea88e70
.exe windows:4 windows x86 arch:x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 163KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE