72b091ef4c77e2178053d7d439d8f068069f40756ad2664ecaa1401001f638b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72b091ef4c77e2178053d7d439d8f068069f40756ad2664ecaa1401001f638b8
Size

20KB
MD5

0807f641625ed19ac9ecde52a719aeda
SHA1

40e7db8a6ace9a4a2b28c3a4af1d7326b1d81dda
SHA256

72b091ef4c77e2178053d7d439d8f068069f40756ad2664ecaa1401001f638b8
SHA512

b4f34a4d608a16ae02c15c4c65be1c9da22ee143dd6ac9fe841c119d5ff9c2db51a2287ab4e0d382cbbf8905d699857985edb735ead37e7738c3f623e4efe191
SSDEEP

384:hKnKM6lBdNRzxy8B6KocA+aPafdJtQ0iLAwOxNutYp7fjk5x:2KllH9B6RcA+OafdoXLAwOxNutmfjQx

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72b091ef4c77e2178053d7d439d8f068069f40756ad2664ecaa1401001f638b8

Files

72b091ef4c77e2178053d7d439d8f068069f40756ad2664ecaa1401001f638b8
.exe windows:4 windows x86 arch:x86

e021c9fc2c12265365fad587d43783fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndPaint

gdi32

CreateFontIndirectA

Sections

.MPRESS1
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE