Amended Purchhase Order Follow Up[.]r15[.]rar | Triage

Sharing

General

Target

Amended Purchhase Order Follow Up.r15.rar
Size

638KB
MD5

f3927ced53726760460e2deee4a711c5
SHA1

403d01d21428a6e7a6c9bf8111d68b453ac2d0fc
SHA256

244e5247d3d0d26cc55d795ece7230447fd68ebfab783d25eac112e519fa764a
SHA512

06b7fd725ca3968c61b68b2557a6d6f5bfa9026b461c1b21cbd513cd6e01fe951ca65ce438710de0b526eeaeacb47521a13ff684c24bbf4e719ce174d1d38cc4
SSDEEP

12288:8fcsNWmIYQXkoBEW8rVIcYpdPjS7HJwyy5tSoYh2QRTL+XOMcV:8fIXhBEW8rV/Y/GwyyfSn/RuXq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Amended Purchhase Order Follow Up.exe

Files

Amended Purchhase Order Follow Up.r15.rar
.rar
Amended Purchhase Order Follow Up.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ