Static task
static1
Behavioral task
behavioral1
Sample
kTg1jSEh7699WIj.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
kTg1jSEh7699WIj.exe
Resource
win10v2004-20230703-en
General
-
Target
ORDERS.zip
-
Size
678KB
-
MD5
117a5d382e9213355493bec05e49d218
-
SHA1
ea862ed0b4f37dec1505e47b58abb3601b31c287
-
SHA256
294df2fa74ab3b8907d096dafedac05200cc82c725fe3b8b4b78642aad013ec0
-
SHA512
f2b85d678b3cef3c7758038b2337ec4953103642b22c3af8c50f04f300b21a78f5dcf915f0cd4fa4ae8298466705ab64b0900898aacaa3980811db94a3324ad0
-
SSDEEP
12288:NptcrdhNzT/rzZrpbRv0lENqYzhApVQZ8bogX6j/vpRxx07DR1HfBoRpm06:hcrV7FrpbRv0lEYKQa8b1cvw7DHBEp96
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/kTg1jSEh7699WIj.exe
Files
-
ORDERS.zip.zip
-
ORDERS.ISO.iso
-
kTg1jSEh7699WIj.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 640KB - Virtual size: 639KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ