Erp7[.]Pos7_GRP[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Erp7.Pos7_GRP.exe
Size

506KB
MD5

0e11c4faa552aa7a3c7f6de7bd0abf60
SHA1

215a06fd20e18caaf09aafdfd49c127f75578085
SHA256

5d00a41d277be73a15f18eb0522f17087d34e04fb893e2dd334a306006f00476
SHA512

1efeaba038376de6d6a14c90464329a7f06000f47d0f4657cd90fc0251554e2ec86f6276f8c40b359594b0088318761aa17b2d6e3a1b3386c3c659b890ca1a96
SSDEEP

12288:LZBS01ZHa3FnKsoVritqoLleeewlpvPzBVqwsD:X9Z63+GtqzRwll1Vq9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Erp7.Pos7_GRP.exe

Files

Erp7.Pos7_GRP.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ