Static task
static1
Behavioral task
behavioral1
Sample
Automate Purchase orders88777.scr
Resource
win7-20240419-en
General
-
Target
4b241ba692cf4d44e9276e4d6eb43520.bin
-
Size
661KB
-
MD5
f6d9d5e1b0bb1d89b1a9a036724e95cf
-
SHA1
60b151a6ae671cccad55f86634d14785ecec3b5c
-
SHA256
cfd66a961d17be3fe85691a124004255c02e8ac6c9414b8ca1a424c2cf2a9832
-
SHA512
a9c7e6334bedbe2db03482adfc669d52cae312d0a529c91118bbce73f5feb3622f1185ce451257453efe9adbd119cede8d64ebe70a3c795fed7c98b42cb56f81
-
SSDEEP
12288:UpWeEwALz8Y5eAn0UeIQsPv5hQt3pRZkXVfPA4/GH/UB67Bxf3v/hAZS5rcnmbiv:UplRALwzYDesZuRmF1/8/UBgBN3v/hW3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/Automate Purchase orders88777.scr
Files
-
4b241ba692cf4d44e9276e4d6eb43520.bin.zip
Password: infected
-
76d52e7cebd696a4f8b379cb2737ad8b160d6bc688d833dd6fef2e0864d611ed.7z.7z
Password: infected
-
Automate Purchase orders88777.scr.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 781KB - Virtual size: 780KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ