1a826bc7f3b41e7357a4461f93645e33f927a6ba8d61a0988732b57e4e875def | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a826bc7f3b41e7357a4461f93645e33f927a6ba8d61a0988732b57e4e875def
Size

73KB
MD5

85a5e1fb5ff13f0fb2cff2b65a2501e8
SHA1

c76c03641ca70689a881af79479d5a6130bc4199
SHA256

1a826bc7f3b41e7357a4461f93645e33f927a6ba8d61a0988732b57e4e875def
SHA512

c57bbc3f5f891f363f34f1da1b6d668382849bd05655e4a07c69516cdbdaac8a002b71e81c58ab5b79a7c1688c6ace2b69c00adb21b87e86dec9d1eacbd41ffa
SSDEEP

1536:mbM0epH/b4QDJoLIy8oPUCVNi8NfO9Jp3uKEXDjVQE/PnHt9geE:U1OjvuZNbNGuKy9/PnNA

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a826bc7f3b41e7357a4461f93645e33f927a6ba8d61a0988732b57e4e875def

Files

1a826bc7f3b41e7357a4461f93645e33f927a6ba8d61a0988732b57e4e875def
.exe windows:4 windows x86 arch:x86

246168156b51acaf83f2ea878e56a947

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegOpenKeyA

atl

ord42

gdi32

BitBlt

gdiplus

GdipDrawLine

msimg32

AlphaBlend

msvcrt

free

ole32

OleRun

oleaut32

VarR8FromBool

shell32

DragFinish

shlwapi

PathFileExistsA

user32

GetDC

wininet

InternetOpenA

Sections

.MPRESS1
Size: 68KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE