Static task
static1
Behavioral task
behavioral1
Sample
INVOICE.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
INVOICE.exe
Resource
win10v2004-20240226-en
General
-
Target
4f4b27d0367d76b89f099cabc16262c0.bin
-
Size
630KB
-
MD5
3b444ce3ba9ba6e6c3cf2e8d38c4a521
-
SHA1
3c2fe1dea41988206a4ce99cbafb790af9dd0ca1
-
SHA256
4f91a9f98de2c62bd829179d1c43fbae541e295af93babb589c549ecefdc0558
-
SHA512
054fb84ca8d70006ee7c19b9bbd34e8e6fcac1cef3437756780fd005ac24ae0119e329b4eb209225c65a2827b3cdbf29931c3386a182cb80c6e49a081f07cd39
-
SSDEEP
12288:FPX63ki5x6SGpzDeOpL/9X5+RvNZ7l5ftpAnenk1aJaANWUy:d60i5sSGpzDeOpj9XgRv/7l5HAe3Jalv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/INVOICE.exe
Files
-
4f4b27d0367d76b89f099cabc16262c0.bin.zip
Password: infected
-
7558e973bff2426aca4278e62668478f8afc5fb5afcc5e0f77bbdbd733b84ac8.zip.zip
Password: infected
-
INVOICE.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 672KB - Virtual size: 671KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ