inv[.]iso | Triage

Resubmissions

05-02-2024 11:12

240205-na8dzagdbq 10

05-02-2024 11:04

240205-m6lpeaebc9 3

Sharing

General

Target

inv.iso
Size

526KB
MD5

b0ea13990301f024fb3fbf1ca8bbaf4d
SHA1

a3a81e04e129c1de8cef7dc883916a1f5021658b
SHA256

71b5dc8fec75d1efb17f4738129efd2b47fef5c3442d3993239c0ac8c29d533c
SHA512

86a03a0a0bc9c1f5f3e19763f0a136d7c92e12507f06c7e5909e759389fb9d5625569514a466d73f9e3e65ebb187f83811e589224bc4b0c720b1cdeca05cede5
SSDEEP

6144:/S5kfebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZn1Pu:/S5kdzBQ8ogPxiBqL0hOTPxSQKHEqiZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/also/like.dat

Files

inv.iso
.iso
out.iso
.iso
Unpaid_order-.lnk
.lnk
also/by.gif
also/get.txt
also/like.dat
.dll .js windows:6 windows x64 arch:x64 polyglot

d7b3cb508b97110669926c0b6188cbe0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

usp10

ScriptSubstituteSingleGlyph
ScriptString_pLogAttr

shlwapi

StrStrIA
StrFormatByteSizeA
ord152

Exports

Exports

DJBvQe0Pa
IAVfTMjOv
IXZSLBZat0
JgloKDzge
JxrtkITomp
Pu2ZEbHTuf
Ur204zJA2
Yxn9Kh
guqUidQC
gyuashfhyugas
kUi4fHHM
mnl2eYY7
rMSr1Jp1Loh
ux0iqKj
yhEza4
zFNLPv2q

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
also/on.gif
also/there.gif
also/what.gif
also/worker.cmd
also/worker.js
.js