52e06af8be7bbca4129bedf61f7f9e640a89673c4e0bc45d23ac1f460a8db8ad | Triage

Sharing

General

Target

52e06af8be7bbca4129bedf61f7f9e640a89673c4e0bc45d23ac1f460a8db8ad
Size

35KB
MD5

a4caa682da7e74bd4531843e2e3a2dfe
SHA1

7e7a21a64a67bd5592f4be38d9b8287d5bc00649
SHA256

52e06af8be7bbca4129bedf61f7f9e640a89673c4e0bc45d23ac1f460a8db8ad
SHA512

54b5caed31fdf1cf9569c1bdb8b0eae0f09d1ec2a86ee77961e3f24cb8f690fdd03758ca28a12e858a9a6c1f126741e20c88b5b607c87e0d4ec273279ef31f59
SSDEEP

384:Uc6CNYprcSCJp6hP2zvx/P4d1Hr06eeaQQt+h64LePZpkLCE:Uc6iacSSXxXKF4WQcxL8ZKLCE

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52e06af8be7bbca4129bedf61f7f9e640a89673c4e0bc45d23ac1f460a8db8ad

Files

52e06af8be7bbca4129bedf61f7f9e640a89673c4e0bc45d23ac1f460a8db8ad
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE