OLKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OLKI
Size

426KB
MD5

eaa851b31d0643fd629a6f7c3b696883
SHA1

df25353865a52e0acaaf4432a7ebb45a0c0dc204
SHA256

a6cd2cfdc41ec648d6ba3b2456f91be8f55b3bba1f27686ac3e3f2b8995a9e06
SHA512

af2c0f9a4baa2c91894d9781a3bd6484f821d30ae6fc90fc677c198e31e2fc41bbe20c2d0250b505c8df3e564710d268ef6c0d629b6fb00bd0164c168bae6862
SSDEEP

12288:koZ10eG9aZ6sf983NuywjORZ750LIs7BsSD1s5cRQsdHxEVqOoCa/BwGFxCp:kkY9ak9vokZy05OW5cusRq1oR7Fk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Order Confirmation.exe

Files

OLKI
.zip
Order Confirmation.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ