Static task
static1
Behavioral task
behavioral1
Sample
Pending Bookings.exe
Resource
win7-20230220-en
General
Target
Pending Bookings.rar
Size
713KB
MD5
67e1617a5ea2d4c42a12abbeae130661
SHA1
65686fd6373a8758e6273a1c4a28c82f1ff73446
SHA256
f059d236704a51f68efffeab7a60bcd0a46656ff246aaa0b01c670f4cca3e0f7
SHA512
aa711c57817bd51db8fe90ab9931d96e34210bdbf7b53c6544dd00b26947dbecc37c8c822bc7dc9ced38df013378885b01bd6751a242be3aaf538f0081b0ee5a
SSDEEP
12288:XLqIgdarV1kFwsu9L486GOqmm0yBz+8IJpePehDk06i5r29R3xeQMe00:XLqISakFZuN4nHmz+8upePwDk0B5r2nd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Pending Bookings.exe
Files
Pending Bookings.rar
Pending Bookings.exe (.exe, windows x86)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 861KB - Virtual size: 861KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ