Signed Purchase Order-Intermetro[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Signed Purchase Order-Intermetro.exe
Size

667KB
MD5

208d6cd979c30d951b00653c89514dd6
SHA1

b7b48a1e1a36d73fc86b3cf94a35ce0e75c536a4
SHA256

ab463de3b695c5e6a4f163c156ad7ef4949a728481711627de738b6a9d84d1f3
SHA512

87ed344ac79463b0cda2bc7847676fbcb607a49464c6379c393c88c694f6c179af8c54b086ba04443df17265c41e1a421b767b4dcda86705d16efec5495d4984
SSDEEP

12288:em9P+uIAsAstC8JMT1XVzk6a5tsm3fBndYiOIlP73:llN1Q1GFlm5O8PL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Signed Purchase Order-Intermetro.exe

Files

Signed Purchase Order-Intermetro.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 665KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ