OC-Order-confirmation,xlm[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OC-Order-confirmation,xlm.exe
Size

179KB
MD5

ca505fb383d4fb0daeb776ccf03271b6
SHA1

938c1e55054ab8e53ace8407de00736c86515b0a
SHA256

66f924b6bbd7f39cab17076809eed79e535c82b1ac3868916af2873c3ded0fa8
SHA512

b761f99b9230f36fb2888d586b37e160613bf52fb3035d0f9c2de8a42fea4d4e5403e612a5df10f39b2a5916cd3ef53b35603986d249734919f620ea3283c322
SSDEEP

1536:MHKAY1c9wqvnAv77vvvvv7vvvvvvv7vvvvv64+mhhhm+DtqOgd:V+9wqY+mhhhmitqO2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OC-Order-confirmation,xlm.exe

Files

OC-Order-confirmation,xlm.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

}} <{0R
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ