73eff806bea81845201af3da681481219cf19f56f6dbabfffeeaa3054bdcd870

Sharing

Copy URL Twitter E-mail

General

Target

73eff806bea81845201af3da681481219cf19f56f6dbabfffeeaa3054bdcd870
Size

5.7MB
MD5

93d7eb1b9c6a9682ea601511fc4c1052
SHA1

a43e4ad543968bd61989abe1379b61f36ef6415b
SHA256

73eff806bea81845201af3da681481219cf19f56f6dbabfffeeaa3054bdcd870
SHA512

ad3b4c8a765fc5162083399d1be95959c812e93ab00eb173029718590cdb535fcf846537d31454f77c0f33f6dcf5f0abe6bef5cab639933512a42143c6520f84
SSDEEP

98304:oRi11Khs7CF4eSDgQsEgCtQYVGWvJkZrs//dZOGDeANfclHVEZuUTSQjVkFme6/d:oEmhACF4enqtQYYUeRsndZD/clHV8uKN

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73eff806bea81845201af3da681481219cf19f56f6dbabfffeeaa3054bdcd870

Files

73eff806bea81845201af3da681481219cf19f56f6dbabfffeeaa3054bdcd870
.exe windows:5 windows x86 arch:x86

a0010f9a44f8bab2b514911355945c90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

MultiByteToWideChar
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

atl

ord47

gdi32

DeleteDC

gdiplus

GdipDrawRectangle

msimg32

TransparentBlt

msvcrt

strncmp

ole32

CreateStreamOnHGlobal

oleaut32

SysAllocString

shell32

DragAcceptFiles

shlwapi

PathFileExistsA

user32

AppendMenuA
CharUpperBuffW

wininet

HttpQueryInfoA

Sections

.MPRESS1
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.htext
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4)`
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wv5
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Oi5
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0010f9a44f8bab2b514911355945c90

Headers

File Characteristics

Imports

kernel32

atl

gdi32

gdiplus

msimg32

msvcrt

ole32

oleaut32

shell32

shlwapi

user32

wininet

Sections

.MPRESS1 Size: - Virtual size: 576KB

.MPRESS2 Size: - Virtual size: 4KB

.imports Size: - Virtual size: 4KB

.htext Size: - Virtual size: 8KB

.4)` Size: - Virtual size: 3.1MB

.wv5 Size: 2KB - Virtual size: 1KB

.Oi5 Size: 5.7MB - Virtual size: 5.7MB

.MPRESS1
Size: - Virtual size: 576KB

.MPRESS2
Size: - Virtual size: 4KB

.imports
Size: - Virtual size: 4KB

.htext
Size: - Virtual size: 8KB

.4)`
Size: - Virtual size: 3.1MB

.wv5
Size: 2KB - Virtual size: 1KB

.Oi5
Size: 5.7MB - Virtual size: 5.7MB