b81be1a34bffe8b5f17c91fec9894e3fde43e59012aa59bfce266f5c0b042bbc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b81be1a34bffe8b5f17c91fec9894e3fde43e59012aa59bfce266f5c0b042bbc
Size

457KB
MD5

13a741fa24a290e0ae8815a2e20a03b1
SHA1

59815fecce4a2434c1917227e7a4a00f06291582
SHA256

b81be1a34bffe8b5f17c91fec9894e3fde43e59012aa59bfce266f5c0b042bbc
SHA512

e64c874516a1e7178ffc88185820d3905d1ea1231357bd6c525e0937e3971bc32f277dccbde9a3634becb666d042e71cdf5c93c8773f1e0ca667e63eb69ec0b3
SSDEEP

6144:yY+32WWluqvHpVmXWEjFJRWci+WUd20rUU5EYCTvaBju4zl:hnWwvHpVmXpjJIUd2cUusvalxzl

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b81be1a34bffe8b5f17c91fec9894e3fde43e59012aa59bfce266f5c0b042bbc

Files

b81be1a34bffe8b5f17c91fec9894e3fde43e59012aa59bfce266f5c0b042bbc
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 442KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE