e9d73fa37b27480be90de801aa52324bf43b3f23abbbfb128a316142db1a4205 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9d73fa37b27480be90de801aa52324bf43b3f23abbbfb128a316142db1a4205
Size

1.7MB
MD5

2b70a0d4cc4e06268d01aff2f288d939
SHA1

0023974fe68bd2e7957b5006f13731e0414fd5a3
SHA256

e9d73fa37b27480be90de801aa52324bf43b3f23abbbfb128a316142db1a4205
SHA512

d39d9c8de021e24f8eb75658ea24074437ce9ce886ac3657876d2062d8b1fd8667bb54f40d937430289026402c9b6abb9c2950beb6aa232a2d6789a958d5537d
SSDEEP

49152:vItPU9LMnE4j3bvy49BCgm2onq2McfIyeB:w1MonE4j3u4jmFn1PwyeB

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9d73fa37b27480be90de801aa52324bf43b3f23abbbfb128a316142db1a4205

Files

e9d73fa37b27480be90de801aa52324bf43b3f23abbbfb128a316142db1a4205
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 1.5MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE