a598e7fa7eb6b1c99d7b936f0e6e3ba9dd71cd62c4058330b8d4b7946a11111b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a598e7fa7eb6b1c99d7b936f0e6e3ba9dd71cd62c4058330b8d4b7946a11111b
Size

28KB
MD5

0662b97f4a9bb54ebb8b7f839a16ee4b
SHA1

d55a52b8fa2881ad4a5958f46b0512267a671b45
SHA256

a598e7fa7eb6b1c99d7b936f0e6e3ba9dd71cd62c4058330b8d4b7946a11111b
SHA512

ef03cf4edb9f26b1a4df9908273cf4e5aad4a429e1da1f6b7d6d1500b930c0e5a07fba4c08fc84aa0ee056b0eb42f46952fff150562196c5d361c93f5b1f642e
SSDEEP

768:jOb2gOo0mw18ae8MrQRN7DctOOtEvwDpjpa:jKUog898rYMOtEvwDpjpa

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a598e7fa7eb6b1c99d7b936f0e6e3ba9dd71cd62c4058330b8d4b7946a11111b

Files

a598e7fa7eb6b1c99d7b936f0e6e3ba9dd71cd62c4058330b8d4b7946a11111b
.exe windows:5 windows x86 arch:x86

1a37837ee1c6a4695e0f8fcef0f6b4f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

gdi32

CreateFontIndirectA

user32

EndPaint

Sections

.MPRESS1
Size: 13KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE