APRIL ORDER #344673[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

APRIL ORDER #344673.zip
Size

667KB
MD5

27f07fc837a992cdf09e3ed987a025fb
SHA1

14d8d35d3617a010fe0563e459e1ff485a51e6e0
SHA256

11e029f9ab3ab160b248092827b33fcf34f8b42e61d95bc460ec059aba37abb6
SHA512

ba2b90ea88cf21b862b0eb91a34d5aa10e7e6e09071a44633c82d9d79306ff431d68ea00ae4515fdbd4589b6283d830e4b82d896f533f9fb528ba812b4d79496
SSDEEP

12288:mXnmXzAT2T6+U8MbYKSL6seCcwdB5czGQoTk2ucegvZagN5aGSIjIGGRPzj3eZnJ:mXWAl+L6seC9z5czGQog7ceyZagN5hph

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/APRIL ORDER #344673.exe

Files

APRIL ORDER #344673.zip
.zip
APRIL ORDER #344673.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 670KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ