db2c60c2198b18e08105054d689b1819e9209347723751648175cab7c082da5a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db2c60c2198b18e08105054d689b1819e9209347723751648175cab7c082da5a
Size

35KB
MD5

2a414ede03e9a1bdaa8a53a3793d7337
SHA1

abbb787ed7c17487ec3492178fcdc7d79d1b62ab
SHA256

db2c60c2198b18e08105054d689b1819e9209347723751648175cab7c082da5a
SHA512

12af3a62f8d5089e360b8a0cce9acc7c9dcb218110995650189b6ba0c9516765070dcfab9096ea94e5e78256a9f7eaaadfac8fedd049b5684bac31c3d1b4ac1e
SSDEEP

384:Ib/JYSrFQjGYzfNHP1zZYpMYUzMk9hBcecy/xotGzLfNypAV:0/3Yd1zZN/zoy/WtsE8

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db2c60c2198b18e08105054d689b1819e9209347723751648175cab7c082da5a

Files

db2c60c2198b18e08105054d689b1819e9209347723751648175cab7c082da5a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE