Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT APPROVED.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: PAYMENT APPROVED.exe
Resource: win10v2004-20230915-en
General
Target: mkpub_PAYMENT APPROVED.PDF.Gz
Size: 600KB
MD5: 72dc7d73bf36f8cb8a83d7f45986652f
SHA1: 0e3d7f8b7951371bdd9b5e18c556ce6b700f7a86
SHA256: 512b8e5d31688950a0370b728506bcc9f76836d3828661cc5e776b2ecda6e04c
SHA512: a857d1e1da0dcebaf808f96c24f00f930e3d1481030d38b828d83b0551e7ccee4aff25cb9ae916d403a5b12bd0af270a7715546ae336ab34387657ccefa5084c
SSDEEP: 12288:IHIjwteW3KDWpu5IuP2ZF2zEpcD2kP5W1rRZ4sLGypA8Ox1o2YmdTvoyml/2:gIjwMCpu5X2/mEpXy5irRnLGyphG1o2t
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/PAYMENT APPROVED.exe
Files
mkpub_PAYMENT APPROVED.PDF.Gz.zip
Password: infected
PAYMENT APPROVED.exe.exe windows:4 windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 631KB - Virtual size: 630KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ