Static task
static1
Behavioral task
behavioral1
Sample
0FRVRFTI.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
0FRVRFTI.exe
Resource
win10v2004-20230703-en
General
Target
New Purchase Order.img
Size
1.2MB
MD5
add9236bcc464563087288d669c89a47
SHA1
87c30ec5e8922ccc8518d5f94d34983ab1e2ed20
SHA256
945e48b4ab85939c166f4a37806218260ccd47f09ea6530eee5564d6f4f55d55
SHA512
4b1862b98aae78abe0538bc4e51fff90eab2eadf6f38c6b54c91c373b5747577d3831d36e97d9022c134167b6c311b7c31e33b3239bc8f4528a829f5380138cc
SSDEEP
768:e5QPlYhHVmbqLnt/z7S4z+CRY1GrU1zozm1V:eoluVmeh/zRqGEUsV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/0FRVRFTI.EXE
Files
New Purchase Order.img.iso
0FRVRFTI.EXE.exe windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ