Static task
static1
Behavioral task
behavioral1
Sample
dea3c6095224ec27d9656783895fc59fe9a3a8a26b0304a6a2733e4481761c93.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
dea3c6095224ec27d9656783895fc59fe9a3a8a26b0304a6a2733e4481761c93.exe
Resource
win10v2004-20240508-en
General
-
Target
dea3c6095224ec27d9656783895fc59fe9a3a8a26b0304a6a2733e4481761c93
-
Size
91KB
-
MD5
2835b0b18d506ee17195779b74fd5efb
-
SHA1
22fee58891fccfb3acfa278d376e28be5f8726d7
-
SHA256
dea3c6095224ec27d9656783895fc59fe9a3a8a26b0304a6a2733e4481761c93
-
SHA512
df68607e4403a1d1330b46cb98da4bbb593f510b4bba99a2ba400139a315501b4374fcf2187480b0716b0474291018c81b730c6538cc1a54486f5e9a9b40885c
-
SSDEEP
1536:FAwEmBGz1lNNqDaG0PoxhlzmDAwEmBGz1lNNqDaG0Poxhlzm+:FGmUXNQDaG0A8DGmUXNQDaG0A8+
Malware Config
Signatures
-
Detects executables built or packed with MPress PE compressor 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_MPress -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dea3c6095224ec27d9656783895fc59fe9a3a8a26b0304a6a2733e4481761c93
Files
-
dea3c6095224ec27d9656783895fc59fe9a3a8a26b0304a6a2733e4481761c93.exe windows:4 windows x86 arch:x86
b876114877b29a61f9955d83081f159a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
msvbvm60
ord516
Sections
.MPRESS1 Size: 28KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE