ORDERIMG1z[.]z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ORDERIMG1z.z
Size

1.0MB
MD5

3a629ff0805f9697681130ffcf68c72c
SHA1

ca37f9ab56bad8367840d9675c1126e38ebe28e0
SHA256

b1e89f771c83aef693b555a5caacd223011ff9b09a4eaa5ff69aee4d4f57c4bb
SHA512

2d0129b3537207230cfb1ded5e1bce5eb2ba125e73f0634dc291376381e5ddd4ade7ffc0e76f6dc9bd6c453b9ad7691d9950598a3f01d679193d79a3139e39ae
SSDEEP

24576:LrSEIOmFIsukU7gGW3lYuvahKgQNBstZMyWFZ3zHA+:LxIwsukOgG5KgQNB6NupU+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ORDER_PDF.scr

Files

ORDERIMG1z.z
.7z
ORDER_PDF.scr
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ