INV[.]r00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

INV.r00
Size

544KB
MD5

fd9cfbe690dc42671c77881f65ea7a6d
SHA1

4dd5e07f208f9b8363ae78faa5b27e32411517c2
SHA256

7c0db249001b1789d7b239bb62a4cf50e90498d504de8368b4c43398571e2738
SHA512

d6d935e492297ef8d2a8c957cfbbc8f5e85e80c0ab893d14f79f1da0dad27651d15f062cbdad6f0076fa596b043a48472b9f37375f1f257546b14a413637dfbc
SSDEEP

12288:YWiPRa3pAqFMARxpowCdZHCkuKjXUU9rm4ovt4ttG5M3:Y9wAqPEZHkYXUUg4Tttp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SOA.exe

Files

INV.r00
.rar
SOA.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1016KB - Virtual size: 1016KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ