5b04fc62c6a45ec0864b43081742c1276a50c675cc1f48211e31e7fc78e49400 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b04fc62c6a45ec0864b43081742c1276a50c675cc1f48211e31e7fc78e49400
Size

1.5MB
MD5

a44685ab590e8b2b0783e638cf3ba282
SHA1

d448538e189cfddf12539ef89d06de93d1ae9130
SHA256

5b04fc62c6a45ec0864b43081742c1276a50c675cc1f48211e31e7fc78e49400
SHA512

64f95a14b14401bf07c4a9e05075d34386cc1bf7c47335fd0ad3c233691811d239bc4c91218c4cc668f95964ea1d8b1c99d90c7c0f26dad5e5e4157068f24b6f
SSDEEP

6144:FJuXtXxog5E+FWPNfrf6yGEssQxNpbMceWdbjMMqcXmr8MMtjyhX9+FL:/8XNE+FuNfrSyGEssQJy03MMq/r8MMP

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b04fc62c6a45ec0864b43081742c1276a50c675cc1f48211e31e7fc78e49400

Files

5b04fc62c6a45ec0864b43081742c1276a50c675cc1f48211e31e7fc78e49400
.exe windows:4 windows x86 arch:x86

3e3d633779e35448851e7a9ca7e72522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitialize

Sections

.MPRESS1
Size: 170KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE