ConfirmationOrder[.]tar[.]gz | Triage

Sharing

General

Target

ConfirmationOrder.tar.gz
Size

843KB
MD5

b071c4aeb1f47099f280b1e16d2612dd
SHA1

ea7efc0a70ddb2f1a10ac3da541a708873965628
SHA256

fa2b7bf295ebf55e26e4ddeaaf8b5119b5332b3b6c184a530532d162411bc3b4
SHA512

dda22470a1e63caa2a8b8cd2cc86a48a655a8a14669d5831bacbf25c6fbcbbc7b23fa39ddcc88b3a2532da0d7165ff2e0c0d6e934bae92ab15103e1ae0730110
SSDEEP

12288:NpAxzatS8nTEaAaqGW7Vhfs4D362RQmwBiqW4iaidhcVTi9jbWWYaqIe:NMmvTEaAaPWJhfM2MiZxaidhOP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Confirmation Order.exe

Files

ConfirmationOrder.tar.gz
.gz
Confirmation Order.tar
.tar
Confirmation Order.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fBuY.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 890KB - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ