2ce97ed5f2a49a60628ba98edd0f7f6639d56431ef520ae8895546ee0c93442b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ce97ed5f2a49a60628ba98edd0f7f6639d56431ef520ae8895546ee0c93442b
Size

34KB
MD5

928bb386f162e8bfbeed3b4831ef86ac
SHA1

66a902b5e54c73dbf87f838b3f203f49fc2eeffb
SHA256

2ce97ed5f2a49a60628ba98edd0f7f6639d56431ef520ae8895546ee0c93442b
SHA512

d9d448257f3042b5ff9300daddfc0b440db788ac6b29caf5850fb81c6a69cc0405a6cc325ac35493fc91977e630414643bb8c2af32bd35ed9e606c60d4fcaacb
SSDEEP

768:BW9+FP4BPtYggggggLvggggggggUaocHMokk//:SaoVbk//

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ce97ed5f2a49a60628ba98edd0f7f6639d56431ef520ae8895546ee0c93442b

Files

2ce97ed5f2a49a60628ba98edd0f7f6639d56431ef520ae8895546ee0c93442b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE