Static task
static1
Behavioral task
behavioral1
Sample
shipment invoice.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
shipment invoice.exe
Resource
win10v2004-20240226-en
General
-
Target
122d62004392a5e26d7c14139972039c.bin
-
Size
299KB
-
MD5
0bed3f4f000f5d95dc2987802bcc64af
-
SHA1
485f21a06caa9b08f66528907a1019e017ac3bc3
-
SHA256
fa23e65fbdee95c95938739e24e414095829e930615991e09ac7bc14b314cfb1
-
SHA512
5b269a4f2fd090b3fa43665c8d1b618b7997af859240b54bcaee0703ad730aa5808bbf6fe592cb7142918cfdfef748de03f0976ccc76968d61a81c66a241f97b
-
SSDEEP
6144:ROaIbLFrWp1gnk6ubC3xb8EV8d3mXKiyNI+/5b2N6dmFvgL:Ubb5GarZBQEWd3mXKiyLJ2N6deg
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/shipment invoice.exe
Files
-
122d62004392a5e26d7c14139972039c.bin.zip
Password: infected
-
01b2950054c323053588464b4ccd6525e50f7a0de4616af228368b5e750a7d6b.7z.7z
Password: infected
-
shipment invoice.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 278KB - Virtual size: 277KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 212KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ