Static task
static1
Behavioral task
behavioral1
Sample
d4b36890765e965fc755ba1e8a5ac417a5f836c5f583bade52d4011f2f9807d3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d4b36890765e965fc755ba1e8a5ac417a5f836c5f583bade52d4011f2f9807d3.exe
Resource
win10v2004-20240426-en
General
-
Target
d4b36890765e965fc755ba1e8a5ac417a5f836c5f583bade52d4011f2f9807d3
-
Size
45KB
-
MD5
3209d84fe824dc59308dccab0c1d4b8b
-
SHA1
edd0bef48665580a2a0b191fc9698251942ffd7b
-
SHA256
d4b36890765e965fc755ba1e8a5ac417a5f836c5f583bade52d4011f2f9807d3
-
SHA512
6d8247ee6ea118cbf9da3d1a6cb801220fbc2104a8bdfd882f738aa469835ae9539a68be7d7144aa8bb2be172683558c62424de0af635fef911898fe01dfc196
-
SSDEEP
768:2mFQj8rM9whcqet8WfYUtT92S21XFXRnnePxCXNvF7DFK+5nEjB:8AwEmBj3EXHn4x+9ajB
Malware Config
Signatures
-
Detects executables built or packed with MPress PE compressor 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_MPress -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d4b36890765e965fc755ba1e8a5ac417a5f836c5f583bade52d4011f2f9807d3
Files
-
d4b36890765e965fc755ba1e8a5ac417a5f836c5f583bade52d4011f2f9807d3.exe windows:4 windows x86 arch:x86
b876114877b29a61f9955d83081f159a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
msvbvm60
ord516
Sections
.MPRESS1 Size: 28KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE