ebd79f5e8d9fc747f5d17972a81009e327610aa5af33f0b2f0c428ae864793c0 | Triage

Sharing

General

Target

ebd79f5e8d9fc747f5d17972a81009e327610aa5af33f0b2f0c428ae864793c0
Size

159KB
MD5

57d9e65deb45e6cdd1aa177ad9628785
SHA1

b8a1b46b455a03cb4d4a7eed05a425f91153e257
SHA256

ebd79f5e8d9fc747f5d17972a81009e327610aa5af33f0b2f0c428ae864793c0
SHA512

1b397892f054381f7fd4581d6ad1e6a88c5a919e4b53de93ba8fbf557651fc32c8b2f7847e4c7ca1f22a6722c310a76db73508f88835748010a932f731c9c2b6
SSDEEP

3072:g/5F/E7tEf0E+p+tYlpJH7iXQNgggHlxDZiYLK5WpYq:ghF4c5+wWJH7igNgjdFKsB

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebd79f5e8d9fc747f5d17972a81009e327610aa5af33f0b2f0c428ae864793c0

Files

ebd79f5e8d9fc747f5d17972a81009e327610aa5af33f0b2f0c428ae864793c0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 140KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE