Orderpayment[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Orderpayment.rar
Size

91KB
MD5

871daf832c820166923e3eba3b78a4e2
SHA1

8ff76314ecb7e23c5f876c35cc6a9de5a8155fb8
SHA256

b34066edc262ffab7497c17296c8e69ea9ac9578bc998ef186d1c617526c2ba9
SHA512

dfd21f31fa28bb4b4e4572041623a86c162710d1b3346010225058f3de94f50cfe3b62d1548b4216648883d0f26fed2963111eecbc0380ba1acb3e6f76fcfe20
SSDEEP

1536:qtUM6uB1t+j3bnM9GUGLUI+9dNLi40rSVeLQQcqymdTH4+uYlQXQWLVXR+6B:Zud+jjCGUkoNoSvQcqy6HmJXXVBRB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/change to anyname.exe

Files

Orderpayment.rar
.rar

Password: 777
change to anyname.exe
.exe windows:4 windows x86 arch:x86

Password: 777

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\Users\Administrator\Desktop\Outputs\DGrgLktwKnKIq.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ