003c8e84b440902aa963d4b1dc1ce7167c1ac28e7a0427c6a7bf332921ce9640 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

003c8e84b440902aa963d4b1dc1ce7167c1ac28e7a0427c6a7bf332921ce9640
Size

73KB
MD5

8e132f2e2ee01f381cab1719875517ca
SHA1

00a2c5ae47f1352b7c6a0c7ecf9529cd4e8b80f0
SHA256

003c8e84b440902aa963d4b1dc1ce7167c1ac28e7a0427c6a7bf332921ce9640
SHA512

77a9c568595cad9aeb145adf3ad2a16f831e2a2a73714c481c9091c66e8499a481e861acf3fb186505b165273b195f1f6f1ddf75994f6936d71bfe9b96caf6ea
SSDEEP

1536:ofpkRVniwiQdNgSV8kXo6UqzkRm3KVEZK41IEbCN9jOY:oh4i32NgSiyzkRNd41ngOY

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
003c8e84b440902aa963d4b1dc1ce7167c1ac28e7a0427c6a7bf332921ce9640

Files

003c8e84b440902aa963d4b1dc1ce7167c1ac28e7a0427c6a7bf332921ce9640
.dll windows:5 windows x86 arch:x86

2fb9a6b8b29fcbf20b167cd081d7ca94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

shell32

ord165

shlwapi

StrChrW

Exports

Exports

DefendOnLogoff
GetInterface
ServiceMain

Sections

.MPRESS1
Size: 68KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE