INVOICE[.]tgz | Triage

Sharing

Copy URL Twitter E-mail

General

Target

INVOICE.tgz
Size

1.6MB
MD5

f86c97071810ee4201f27d5058683718
SHA1

a254bd25d7402840d218162a595b749cee10c115
SHA256

d3ce6f779b2b3989d4f17258ae1c08ae47312e2000adcc2c19484aa49418aa70
SHA512

a3bee5d45a6a4178b6cc9c932e198ea104c0fb89fc9abcabbed05bbfe96b429e119d4c723429f29f1dd20ca75e4fac0bfbb81e69a8b9b20b82b42b80a713f3c2
SSDEEP

12288:5srAsmP0opkm7PqTYs8wmXaHd8DEBn3qqx2WCwukpUe/y+8CvKW6/ydrOVt3:mrePoTGwmXaHnB6qxKe7yRCiWq3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/INVOICE.exe

Files

INVOICE.tgz
.gz
sample
.tar
INVOICE.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

LdFO.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ