mkpub_NEW_ORDER_PDF[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mkpub_NEW_ORDER_PDF.rar
Size

588KB
MD5

e208ea5fe86a7e8cf2a27a5a4bd722d9
SHA1

286c676cfe48a5dd82982908377351ab23f2ac7f
SHA256

98fadc2b6a298b25dce5406778cf80c2f0240a922cfca2b53c27f604c86f7cc3
SHA512

ec607faeb0b2c541f252d3691a2088a0a5d1361c7a5429eaa9a390522e022d64561ba5b97f2a3f1c23f3e37d69b59c578e8de3478d85bf97ea5f8450a19b5bef
SSDEEP

12288:3nt/IlNKOjsIJyBy4Yt+yUYantYPf9+EpMs+BYqGSJuE:9/IlNKO3Jyw45IatYHXEeqhL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NEW_ORDER_PDF.exe

Files

mkpub_NEW_ORDER_PDF.rar
.rar

Password: infected
NEW_ORDER_PDF.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ