e689135fcef437cece1c05bd44c670b71b73327aab4aeedbbadd8aae40261ccf | Triage

Sharing

General

Target

e689135fcef437cece1c05bd44c670b71b73327aab4aeedbbadd8aae40261ccf
Size

91KB
MD5

a5f918a3fe93e63d021452e15471be99
SHA1

f1852f2872a4bcdc920d90061d08cda4a2bbab79
SHA256

e689135fcef437cece1c05bd44c670b71b73327aab4aeedbbadd8aae40261ccf
SHA512

d44e27cfbee738d89b43cfa09cd289a642400089a3734e102b68650ee1950fe70b87a28fb5a043b0c109e1be8a150e3e4bca3dc8dc02fc81beaae1bb8071ef06
SSDEEP

1536:zAwEmBZ04faWmtN4nic+6GnTAwEmBZ04faWmtN4nic+6GU:zGms4Eton0nTGms4Eton0U

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e689135fcef437cece1c05bd44c670b71b73327aab4aeedbbadd8aae40261ccf

Files

e689135fcef437cece1c05bd44c670b71b73327aab4aeedbbadd8aae40261ccf
.exe windows:4 windows x86 arch:x86

b876114877b29a61f9955d83081f159a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvbvm60

ord516

Sections

.MPRESS1
Size: 28KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE