050ab948066b44f8f57adeada5885f4f883840072a9b721bdc4f95071a81bc29 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

050ab948066b44f8f57adeada5885f4f883840072a9b721bdc4f95071a81bc29
Size

1.5MB
MD5

4f25d3b5d80dbed96f4571fdc519fdf4
SHA1

e7afb3de4667051f5ccab98acf17e370ca3d9d5b
SHA256

050ab948066b44f8f57adeada5885f4f883840072a9b721bdc4f95071a81bc29
SHA512

5c2f40d1c68e3b67e0a4f0c55baf57a472154b7b0ad249cfda647e78fdc99191ccf64027b01e6cd6e485314448894726c6a66cbdfe61dd7e138288c724ec343c
SSDEEP

12288:XwCXnLquXU99ICwj7xrcqPkePh+RvMaBlYJQCe2m9Or:AFn9pwjFMePh+RpBlU69Or

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
050ab948066b44f8f57adeada5885f4f883840072a9b721bdc4f95071a81bc29

Files

050ab948066b44f8f57adeada5885f4f883840072a9b721bdc4f95071a81bc29
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 828KB - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE