fdf38b9a2fda1aefbcfa1b1e6617956a2fcf0650b373ea059c17dba7cb2c114c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdf38b9a2fda1aefbcfa1b1e6617956a2fcf0650b373ea059c17dba7cb2c114c
Size

97KB
MD5

23d556c08f7b87a8e32f5414acf37228
SHA1

cffbd86528daafb617347daaa81aa715a9c7173a
SHA256

fdf38b9a2fda1aefbcfa1b1e6617956a2fcf0650b373ea059c17dba7cb2c114c
SHA512

bdd4c3cbf7e3c4830581e8539414bef91dceb7ef72caabd123bdeeb3516cce5358e71091bbe547f01789c0b2eef8f7daf1506c9a1ea269df86af44c231c1bfe6
SSDEEP

384:pMSTdCSYpIYpeaiMswx5NXhmLVNxzrba0DeuKF/1eauO:qSRCSfXa9xThmzxzr5KdJ

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdf38b9a2fda1aefbcfa1b1e6617956a2fcf0650b373ea059c17dba7cb2c114c

Files

fdf38b9a2fda1aefbcfa1b1e6617956a2fcf0650b373ea059c17dba7cb2c114c
.exe windows:5 windows x86 arch:x86

d0b8285184365a838ba34f4f2ef57766

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wininet

InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFile
HttpQueryInfoW
HttpOpenRequestW
InternetQueryOptionW
InternetOpenW

kernel32

HeapCreate
GetModuleFileNameW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
GetTempPathW
lstrlenW
lstrcmpW
ExitProcess
GetFileSize
HeapAlloc
GetModuleHandleW
WriteFile
ReadFile
CreateFileW

user32

wsprintfW

shell32

ShellExecuteW

Sections

.MPRESS1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE