1ea65a673ece6d9c92149da6c8c0dfaddfc6cf3145085ebf957cb280b7b05db5

General

Target

1ea65a673ece6d9c92149da6c8c0dfaddfc6cf3145085ebf957cb280b7b05db5
Size

116KB
MD5

5db2ded6db24353fa75b5129dd6c78ee
SHA1

9319f3d131c438821c107b5d46051bf892c45d23
SHA256

1ea65a673ece6d9c92149da6c8c0dfaddfc6cf3145085ebf957cb280b7b05db5
SHA512

58354c595b91b9664d44c59e2102fd3c91685044fe1f617ea3946f509590ff15cd97f78f79630cfd930dc6efad92a32f63426e97c80d2d6ea5367ebe35bad27b
SSDEEP

768:qSqGCQo7QLGCQYHyYQX8DzbZEBHaCQhi9GOQ:qSkm7EabZK3QhG5Q

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ea65a673ece6d9c92149da6c8c0dfaddfc6cf3145085ebf957cb280b7b05db5

Files

1ea65a673ece6d9c92149da6c8c0dfaddfc6cf3145085ebf957cb280b7b05db5
.exe windows:5 windows x86 arch:x86

731679601c856adef7f532ff8eb87d13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA

gdi32

CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps

winmm

mciSendStringA

msacm32

acmStreamOpen

kernel32

GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary

ole32

CoCreateInstance

Sections

.MPRESS1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

731679601c856adef7f532ff8eb87d13

Headers

File Characteristics

Imports

user32

gdi32

winmm

msacm32

kernel32

ole32

Sections

.MPRESS1 Size: 28KB - Virtual size: 28KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 68KB - Virtual size: 68KB

.MPRESS1
Size: 28KB - Virtual size: 28KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 68KB - Virtual size: 68KB