payment (2)[.]r00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

payment (2).r00
Size

667KB
MD5

e18a773b622d41081f64e7e6d1ac71a7
SHA1

b373363ce4657067d8a8d81abe541a45dec9b338
SHA256

7eeebb236aa515391554ceef2a9eb9b67ff8d9313e60d1b66ccec81064afba6a
SHA512

33903307265c5f5d02fe56c5c5c13eab55be449cc0ed831cc30550bb46b320ece8e55d58f9aa5f1168652c1411fb60c9c8602f13beb6ab23b6530990746a4bcf
SSDEEP

12288:FeoW2JaKTF60T71xLaGSGmwnAy+72pJpYBDVPED685b7k0LyPJXxwjtXyZVs2cNz:coNJavqeJt2jY4m8580WhhmUsHNeLO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/w6dCKB3brVOxUJI.exe

Files

payment (2).r00
.rar
w6dCKB3brVOxUJI.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 752KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ