NEW ORDER-000000WE[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEW ORDER-000000WE.rar
Size

616KB
MD5

a9b4302e9e32f081a78b53e504408910
SHA1

74eeeea1f329e8f3512ce8e420ca78149cc7e7ec
SHA256

518dd4a7bd96090b6c2ed9e7a672fdc46d047e2c439040b4e6ad9a4e68fd5d47
SHA512

86aaccae656d754d58f9865a5d0cb869050f3d38a090b67f63256a96559a00ca7232cdb80181684a2a3f84037bf7ca8376acae8dbf37f75ce122c33754842b91
SSDEEP

12288:fYYMNm7NupRn36ztlh5ZCKCPEV3BsAg+jWKE/1ZtZkjQw6d:PV7QpRq5tJCsW3/1ZtZzw6d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NEW ORDER-000000WE.exe

Files

NEW ORDER-000000WE.rar
.rar

Password: order
NEW ORDER-000000WE.exe
.exe windows:4 windows x86 arch:x86

Password: order

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rfZB.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ