Purchase Order[.]xz[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Purchase Order.xz.bin
Size

425KB
MD5

7937243e92bc32cddb2296e535ee3704
SHA1

3244014797e3c14505970112dade673a8fe59737
SHA256

e75f916587121289c17d86217ad82c94a8c4a1f8921e5311147e5c090e9671ad
SHA512

784eff68ffcc89cc915945d781518a375e9e59aca4074f3a3143d3f2cc8ca752074e9bbf7ba28f7e9613d71a90085d8ef046b72f4076901d607db3b1066de1ee
SSDEEP

12288:/PuMtlc9blsT9GVOXdCfn0Xp6tMA0zex1mu8:/mMPc9blAmOCf0Xp6tUax1mu8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Purchase Order.exe

Files

Purchase Order.xz.bin
.rar
Purchase Order.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ