Static task: static1
Behavioral task: behavioral1
Sample: OCBC.PaymentAdvice.pdf.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: OCBC.PaymentAdvice.pdf.exe
Resource: win10v2004-20241007-en
General
Target: 13112024_0149_OCBC.PaymentAdvice.pdf.exe.iso
Size: 76KB
MD5: 80b5f7eaba74d8d03bdb37e4d2fa3646
SHA1: f12b66daf42c7b886e258a91a507b22ff1a0eb9d
SHA256: ed11a1720faafbb6e931be84e0159e6f57886ccc928e9c1bf007b4c6bf2c4d2b
SHA512: 987b82192e52f5f49a62d64aee8e0cebac29842c5366ad72e4132898e29ad745f3643e10a5aa0364e0bd7d0083c98a236c21f9ffb2ed716910d5fb5efe6b7deb
SSDEEP: 192:X9q/z/Yk+pxEnFgA/Wh764JziWHCEvNesGIN:X9Q8vpxEnFgf76UvvNesJ
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes: resource unpack002/OCBC.PaymentAdvice.pdf.exe
Files
13112024_0149_OCBC.PaymentAdvice.pdf.exe.iso.iso
Password: infected
out.iso.iso
Password: infected
OCBC.PaymentAdvice.pdf.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ