Erp7[.]Pos7_O2O[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Erp7.Pos7_O2O.exe
Size

58KB
MD5

b04bee197397947d7dc9f65c44b10b68
SHA1

9df5fa7aa8d4efcfc25bd863fcaa245583185faa
SHA256

08a6f53758874e57960a74cbea59dec60bc74b28bc5b466c328749878676c389
SHA512

5f71f84315394be1ed1fd7566654d742bbe789ee2a7ab0e99e5ca0cbb6826826368d1603256caf3826472a3205d4a9c51394aa73e715786bc10207973d57bd20
SSDEEP

768:9/QfGPEhJd3oGcw+Leb1f3Ff9at4IaYzpQ4VlWzX7MoCr4eXPpGmm:9YloGcwEAF049wtmzYBTYmm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Erp7.Pos7_O2O.exe

Files

Erp7.Pos7_O2O.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ