1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db | Triage

Sharing

General

Target

1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db
Size

16KB
MD5

ebd61de83b6f2ee599dd185b1d8878ba
SHA1

dbc9bf259dd6c19dd89612ba58d8d4fcb35760cd
SHA256

1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db
SHA512

81ea2eb63b9a6f6c3f5030ada9d9c4b585487f07e052c8884205b0e6fe12d0afece07ab05551c379440ea2667ff8d240f61b47547f5502de8c813b8fd96892f4
SSDEEP

192:UXtT73NdbzQQzMQtN1P4SxQlYpW2uCIb2DA14hd3EwrcCenNSOnwOmOzO6i4163i:yx/aIwSkYpJXzQNSOwOmOzO6i4163i

Score

10^/10

Malware Config

Signatures

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db

Files

1cfb49a006300f723537fff477eba4c275f639b81b4312e508f92492624185db
.exe windows:5 windows x86 arch:x86

a095a7b9849a32d60ffe403d4f864436

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndPaint

gdi32

TextOutA

comctl32

ord17

Sections

.MPRESS1
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE