ORDERS[.]zip | Triage

Sharing

General

Target

ORDERS.zip
Size

678KB
MD5

117a5d382e9213355493bec05e49d218
SHA1

ea862ed0b4f37dec1505e47b58abb3601b31c287
SHA256

294df2fa74ab3b8907d096dafedac05200cc82c725fe3b8b4b78642aad013ec0
SHA512

f2b85d678b3cef3c7758038b2337ec4953103642b22c3af8c50f04f300b21a78f5dcf915f0cd4fa4ae8298466705ab64b0900898aacaa3980811db94a3324ad0
SSDEEP

12288:NptcrdhNzT/rzZrpbRv0lENqYzhApVQZ8bogX6j/vpRxx07DR1HfBoRpm06:hcrV7FrpbRv0lEYKQa8b1cvw7DHBEp96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/kTg1jSEh7699WIj.exe

Files

ORDERS.zip
.zip
ORDERS.ISO
.iso
kTg1jSEh7699WIj.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ