PO 23897 Order Request[.]exe | Triage

Sharing

General

Target

PO 23897 Order Request.exe
Size

679KB
MD5

8cb919da2d28a2e7a35a14a16c2abad3
SHA1

ccb408f332fb889635bc79b67c4dc4c73560fd3c
SHA256

38a05c98b7bd7131bc6d65dc7c5b2a68c63c63119a32012faf1981aa6f40a9c4
SHA512

523d9c571c672cc5f852225bcccfb913a72255719f4c9760cee35d9ced4f907bf3d0842d9c96f732d5c50c1f16d0575f87475b721afdd8c85c655156b7139d5f
SSDEEP

12288:ubBPJwKcI45ssbyJzx17McOjlvS9fIx7LlsyVf48keZL0WLE3q0tpeZsTQi:gBhcvCsY7Mv5K5Ix7gB4/EntAmTQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PO 23897 Order Request.exe

Files

PO 23897 Order Request.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

YmDL.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ