PURCHASE ORDER[.][.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PURCHASE ORDER..zip
Size

625KB
MD5

df95066ee6052b8c53cd9fddd08e5428
SHA1

d634ea10e10f0f21c771b876f6b34f81d1227943
SHA256

0c2e622d1a7f8716b8ec361882cbd6f0c2771c71ab7e5b577b34b253aa052a92
SHA512

ff7dce225dbc1b73a84bda80583c67894ae1b0ffcf284518e3ca7bcc4a288e84e4f8c988cbda6c0baef3bba4903453eae821077c1c0de8e13650c383ed65f285
SSDEEP

12288:XGRJFcVW0voIyaU3ccMeBIXjB/TthBdFD47K5Lq3otXNmBBbcrfGIXE:WeVW0oXaU3tjCzB7thTSm5OyMBIbg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/items.exe

Files

PURCHASE ORDER..zip
.zip
items.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 673KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ