3a30f0194dc8d31cc1b775a74a9c419262078a1d5cbe46244dc9b3546d891a23 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a30f0194dc8d31cc1b775a74a9c419262078a1d5cbe46244dc9b3546d891a23
Size

134KB
MD5

125b1c184ca3ba8793ffff2a71cdf12e
SHA1

297aaa6c27ddbf4287916769abfcf5b919c8336d
SHA256

3a30f0194dc8d31cc1b775a74a9c419262078a1d5cbe46244dc9b3546d891a23
SHA512

022375343956b5c63e0f8712af842871cfa160b60c92d26be30336897a168b197ac6c85bbac216a912f1ca6c7d751e8f8683a76b838f30c783c4a6bdaf916bb4
SSDEEP

1536:DDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:PiRTeH0iqAW6J6f1tqF6dngNmaZCia

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a30f0194dc8d31cc1b775a74a9c419262078a1d5cbe46244dc9b3546d891a23

Files

3a30f0194dc8d31cc1b775a74a9c419262078a1d5cbe46244dc9b3546d891a23
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE