PDF Payment Notification fkHWFp2kdYelWk3[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PDF Payment Notification fkHWFp2kdYelWk3.exe
Size

632KB
MD5

f8d36232107047afe262f9b8711bce2d
SHA1

bc48516389629f07d29fa8b7425eca0dfbbc6dec
SHA256

a433dfdb99b293b73898ac05be0fbf6baa9d79976655b0c51ba5a5a0066a2632
SHA512

5bfab42733edc5a4cf5c790642e5479331f440f420908812fc2e1dc683e100ac5ab530895d049083b4ba8da6e68e99917e9bd8aaa1456a4c49bfea1ea5902c9c
SSDEEP

12288:DF9lwFa3JY0YPxnyQPgkA/W0L0A4732TH4NrYNHS5sohUHZB:DF9n5UyQPcOcpUGgrb5jmH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PDF Payment Notification fkHWFp2kdYelWk3.exe

Files

PDF Payment Notification fkHWFp2kdYelWk3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

atRm.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ