b398bcb2734e10e5934ccb2fc671eb53a5f39fe2b1e853233e055b5f693ec465 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b398bcb2734e10e5934ccb2fc671eb53a5f39fe2b1e853233e055b5f693ec465
Size

1.9MB
MD5

f5ca08e4fd55dd43f4beafddf14ee75c
SHA1

fad9c5d97d0a779d95d69d687e33d06c82a42eb4
SHA256

b398bcb2734e10e5934ccb2fc671eb53a5f39fe2b1e853233e055b5f693ec465
SHA512

831f84d8167a5c0fb8c321acfdb9256dfb78b1c40a9cbe8f247d816048615a9bfd5f48b81edba1e513c4119a16703ab115a6ce6c683128e0d51725f4a1d4e705
SSDEEP

49152:3GdRimzV0YPPIDhpun4l9p7kwqmiuMWF2F3Cv:8RimKYIDhm4lWfWcc

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b398bcb2734e10e5934ccb2fc671eb53a5f39fe2b1e853233e055b5f693ec465

Files

b398bcb2734e10e5934ccb2fc671eb53a5f39fe2b1e853233e055b5f693ec465
.exe windows:4 windows x86 arch:x86

1680cb9d637ea01ff55565ead30ec83f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvbvm60

ord582

Sections

.MPRESS1
Size: 1.9MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE