d4b057d984a7219bb39f1fb92dee5d3ca4e6310c2012af326d96f7fed20e1c96 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4b057d984a7219bb39f1fb92dee5d3ca4e6310c2012af326d96f7fed20e1c96
Size

96KB
MD5

3ebd491684a57621ec3a5d963c18ecf8
SHA1

4bd797a67cf6f7058655681c72b0c1b6379673b7
SHA256

d4b057d984a7219bb39f1fb92dee5d3ca4e6310c2012af326d96f7fed20e1c96
SHA512

7c8dd2f561856d3cff6c01a219f93af836df77ed54f17affd2cc6c8e9eb7e546f79712a9b547abcb3c20d793f83ea2d9d36b539b67f3878f68f0cf5dea0a23a8
SSDEEP

768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6u7DPQ1TTGfGYc+p5:3RsvcdcQjosnvng6uQ1J0

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4b057d984a7219bb39f1fb92dee5d3ca4e6310c2012af326d96f7fed20e1c96

Files

d4b057d984a7219bb39f1fb92dee5d3ca4e6310c2012af326d96f7fed20e1c96
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 73KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE