Confirmation Order[.]tar[.]gz[.]exe | Triage

Resubmissions

05-10-2024 12:24

241005-plgwtsxerh 10

25-09-2024 13:15

240925-qhn2eazhmh 10

Sharing

General

Target

Confirmation Order.tar.gz.exe
Size

900KB
MD5

22257d69d8354585b66899f64c0c0499
SHA1

b9b8b93581d4ff58314560043e1a0f77f6b016e1
SHA256

206b328955094948dde0163fc226ac292906788fb4e9d8b941963383bd4a84fd
SHA512

9f63289f8a8643220a951c65e8ccd43bef2a26cace706a2be76615f3e523d73753feaf3cb68245df486da9be6c1b30900b838bdea955715301cf9407609d1580
SSDEEP

12288:2Eqv8RratEshTEMAiqoWpVvfS4D36FUOJT02id9IV/SxjTWAY+acgp8bQbQk:E8OZTEMAifWTvfuL42id94cgGIQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Confirmation Order.exe

Files

Confirmation Order.tar.gz.exe
.tar
Confirmation Order.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fBuY.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 890KB - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ