Purchase order[.]tar[.]gz[.]exe[.]gz | Triage

Sharing

General

Target

Purchase order.tar.gz.exe.gz
Size

1.6MB
MD5

477671b30a9d004444aec0c37c37c0ad
SHA1

54d32b8b9df7fa425db8a12736236d3bdf660844
SHA256

8936654cbd0be01c87d37a99e977981389675df3dab67728d9ac30893efdfc3e
SHA512

b74fb6c426fd4cfd7820f82c50776b9119bcfdcb44665a4c14532d0c85784b9b660b67acfe289a32afba518d988b22661b1715946d1442f96111f5a5fe40dc59
SSDEEP

24576:PMkT4gLKu9KKozJQd/HJNRO/BCM6wIJp4m+3bu8U2flxAv:EkTpT9K1mzyCM6wW4mEQ2W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Purchase order.exe

Files

Purchase order.tar.gz.exe.gz
.tar
Purchase order.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

<<< Copyright (c) Delphi TARGA Loader v0.2 by XProger >>>

Sections

CODE
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ