purchases[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

purchases.exe
Size

688KB
MD5

d14c7b3a566713cacfc46a254d172dc2
SHA1

a22cf6a68811d373b75cfcbb79e042c37f236d09
SHA256

ca1700973f1813f91e8e0c3eb653a52af226bafa1479a6f22e68ffde3d9946a6
SHA512

0a6a3af0057fa75070a18ccf56980ec54849a70553c427cda518c62aaebf6bc5074d455b4db87453f1193e72c4dc9e39dd357fbec188cbb77866a43bee00dc83
SSDEEP

12288:Bb5yzvbYmBHuUv2t+MEbwtfD0VzAzcbcvcib1kA988ii+ekS2Zes:rebY0OUvbWDIzAzc4vcibNabU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
purchases.exe

Files

purchases.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 679KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ