28092024_0103_27092024_Doctor firm order form[.]lzh | Triage

Sharing

General

Target

28092024_0103_27092024_Doctor firm order form.lzh
Size

652KB
MD5

eb8330f71bfd73d499cf310e3a7e9332
SHA1

c0c5defe21c502faf32fff77f5a81ed1661cc1aa
SHA256

241a63ae9b38398c8b01a096d48ee5d36fe95c1277da2828015c1ff82d0d2e11
SHA512

de8eeea12dddac19b63101c00964eb86424ec062e3af20d04ce599dedcecb7545ce9d52683a1c8ff8a9381b94f603de4d1d4cd2a3b717794384d1834ea167cdd
SSDEEP

12288:2NcvalIJWjjyPbHq0q/Js8E0x4ugRoOLqRXfUNjIiPOmGQ1KSmht9NOO6tQJ7o:2N3IojMq0qxRE/uMscfPAsmL/mT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Doctor firm order form.exe

Files

28092024_0103_27092024_Doctor firm order form.lzh
.lzh

Password: infected
Doctor firm order form.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 667KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ