c752b4a8b3d24c8917ded0baebea11b52e56b4371f7b7141275871c08e4cb501 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c752b4a8b3d24c8917ded0baebea11b52e56b4371f7b7141275871c08e4cb501
Size

130KB
MD5

2e616bd684d45c6ebde3e9238e20f2e5
SHA1

f5cab6c8f2d6b294c9c4ca47c725bf95e7128ed7
SHA256

c752b4a8b3d24c8917ded0baebea11b52e56b4371f7b7141275871c08e4cb501
SHA512

6bf351a3f786808d1c1d04853dffd9da929937c1d1d4daf6087f3c1685a5b2e0f9d28b7339133d9fb152e59d6e8b3b3b8a1f88d07acfd069f08492e4048cba7e
SSDEEP

3072:nGfAUbd5CR4Up+UPO0ksS7KoD1f2CfUpHzk2r0C:M1b/UJO0m7Ko5fvfo3F

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c752b4a8b3d24c8917ded0baebea11b52e56b4371f7b7141275871c08e4cb501

Files

c752b4a8b3d24c8917ded0baebea11b52e56b4371f7b7141275871c08e4cb501
.exe windows:4 windows x86 arch:x86

b876114877b29a61f9955d83081f159a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvbvm60

ord516

Sections

.MPRESS1
Size: 118KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE