363701b7eaccb48c959bc291cbe481c563dbfdcf0570bfa1e17489474f5ab796 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

363701b7eaccb48c959bc291cbe481c563dbfdcf0570bfa1e17489474f5ab796
Size

134KB
MD5

4b9ebb020ec10103e5f0781604e4a3c8
SHA1

dd1466d8ca8c1e25851980a47598ea33a2745e6e
SHA256

363701b7eaccb48c959bc291cbe481c563dbfdcf0570bfa1e17489474f5ab796
SHA512

a94f701e5d0721a2feda003c7df09c82e4bef6ead2268f27cfab73b4687a60632f7f0d228830d68b5a463921c521665a0094d737398a7755e62f9171bb2439f8
SSDEEP

1536:0DfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:KiRTeH0iqAW6J6f1tqF6dngNmaZCia

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
363701b7eaccb48c959bc291cbe481c563dbfdcf0570bfa1e17489474f5ab796

Files

363701b7eaccb48c959bc291cbe481c563dbfdcf0570bfa1e17489474f5ab796
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE