M800_RecordLOC[.]exe[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

M800_RecordLOC.exe.7z
Size

970KB
MD5

1d8c88a7ca563fcc036f5dfbb5679347
SHA1

5f794e58315a9e30ad1d62a4844e837c193121ac
SHA256

1cccfe885c7db0f794364d3d96bd8ff96ad4900a70447970fad2e6d46ed24939
SHA512

52d01d6dd74978ca3c18e6783736f3311ebb602005fd0abdb2c2dd919786991b25f2f22bc5bf08f03b8b2ec659b41ae7b15dc7604b83c3ab8d6a53122791197a
SSDEEP

24576:vZAVZe+0wQlOiyETEAdDV9bCKXY/Awfsf6z:hAmgi3TEAdZ0aYowfsfc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/M800_RecordLOC.exe

Files

M800_RecordLOC.exe.7z
.7z

Password: infected
M800_RecordLOC.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ