Purchase Order[.]GZ[.]gz | Triage

Sharing

General

Target

Purchase Order.GZ.gz
Size

906KB
MD5

8e2c544c116b51f4857a574ee57f3c52
SHA1

ffba46e628c026d8547bf392966e3b616dfd6e6f
SHA256

678bea007fe0302874c28fa618e025066b93681f6b4747fef65992e69746cd77
SHA512

41e4e7eda4d742cc742b340c2b2a419a49b53390cc77d6d1ed053c82e82e90da0d15e029f0511b1ab35892e6885f80ffe8de84b4ff5673dde4da87eb2cd4674b
SSDEEP

24576:PuLuCZGaelR+6nSfk2GAvEsI75J3IXKL3N5NeBZrGg:KfeloTvG8fI7D3Fd5N8Zr7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Purchase Order.exe

Files

Purchase Order.GZ.gz
.rar
Purchase Order.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aeCT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ