b7e7229bcae31643b9a90e19673ebe7ab94c7bb7ccec6f6b0f65b37bd2a99da2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7e7229bcae31643b9a90e19673ebe7ab94c7bb7ccec6f6b0f65b37bd2a99da2
Size

54KB
MD5

c184d5fea526ac9dd940384124a30567
SHA1

384ce6b78c279ea2d84e4c9f5c322c8c613e7193
SHA256

b7e7229bcae31643b9a90e19673ebe7ab94c7bb7ccec6f6b0f65b37bd2a99da2
SHA512

a236e2afef94212a82c2d3b234b9e415399f9e72198984f4543bedcdc21f9c749ecc30968446fe2bb3131ef955ed0100febe15903622b64274bc5d9a41f7257f
SSDEEP

768:iGwwi3kNYsGVnyM69cgFeyat3zBGwvnZXUk+EjeOScG3u/fClJM43FrGIgaEPCp:iGMo36pxZUk+OeOSc/Mn3FrGI1p

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7e7229bcae31643b9a90e19673ebe7ab94c7bb7ccec6f6b0f65b37bd2a99da2

Files

b7e7229bcae31643b9a90e19673ebe7ab94c7bb7ccec6f6b0f65b37bd2a99da2
.exe windows:5 windows x64 arch:x64

27866758e2384000aa4db66838a6893d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

strcat

shlwapi

StrStrIA

wininet

InternetOpenA

imagehlp

CheckSumMappedFile

version

VerQueryValueA

user32

GetDC

gdi32

EndPath

advapi32

RegOpenKeyA

Exports

Exports

Inject64End
Inject64Normal
Inject64Start
UacInject64End
UacInject64Start

Sections

.MPRESS1
Size: 50KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE