Payment Confirmation[.]tgz | Triage

Sharing

General

Target

Payment Confirmation.tgz
Size

1.4MB
MD5

2bc5967a4572a0769946334c029c493d
SHA1

bd2435f60ffd4fb02e34aced9cd06fc207012768
SHA256

15693cf14766d409168118becf49cbb60cd20b506ffce14b0e509b589a56d232
SHA512

c8b1d74dd84ddd7dac4d2adf30474e7e62a220f063b55131073b8cb7772779bad26b0f6d0f88a7bd0f4a6e33b2207eb4f96b11554231c9cc1e2ef4e51812d35e
SSDEEP

12288:NHgdK9Rt6xOvEWXfW4rLOA0fGq0oV0HEeM/s8gXw/dR92:NAdKIxsfWAL2fvwHEUXXwv92

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Payment Confirmation.exe

Files

Payment Confirmation.tgz
.gz
sample
.tar
Payment Confirmation.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ