Inv08_09_2022pdf[.]iso | Triage

Sharing

General

Target

Inv08_09_2022pdf.iso
Size

568KB
MD5

0c1c69926928a21c45372ade29cf9ad2
SHA1

22192915215690c426cfe8c3eabf5a95ff2f05db
SHA256

3118ae5d1126fe2fd3a1290cfd9fe7bba6bdf9fcc16985938e9836d57d30f617
SHA512

e63f38ef814c80e3b74565d1bb9cb6bf02deccbe1f179481bbf6d244e8ba0066ec52174062d3c4e46c7abb7156512f5a006820b0219b60303c84a2e0cca0a223
SSDEEP

6144:B5p0YG8VUizUWf9dJMlDeBbxHXJNxbxNlDJAMbIWlb+lDzcXaipWWm/Wuxu5/bb9:Bv0CjBtmQHuqlemyA+uhDu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/your/nowThoseUseBecauseAs.txt

Files

Inv08_09_2022pdf.iso
.iso
out.iso
.iso
Invoice-August-09-2022pdf.lnk
.lnk
your/give.txt
your/nowThoseUseBecauseAs.txt
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DFJkzsnnK
DpOoiJSwbuciP
EgeNeJkeioE
EyDLVbJZzPMV
HwRByCMYkzOQnHBF
KAJGyvAThKscYAK
PEgwKfCjU
TNkyEiodrYnS
VRsJquV
YQgtiSt
YwuhdTE
cfhdshfdgjhdgdfhx
jmVvZZsqdo
nSUWtwTEe
qnPcpsxmjBm
wqdEAy

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ght
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
your/orInHowPeopleWe.js
.js
your/say.txt
your/tell.txt
your/theThingWithInWay.bat
your/thing.gif