Quotation[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Quotation.exe
Size

1.2MB
MD5

d166813b013040dfef5f7941ac8fb8f4
SHA1

26e7a07d850bbe9621dbd207c9e579fe1f5b89c3
SHA256

55f06280aa0fdae2e91ac2c0c3035c56d46a56d4b00afa6f8ac60598d78df113
SHA512

caeebd9a2f9b38c0565db8513d433fb5d217545566bd0747728383c16b9e540deaa28b37cd1985622c238d0fa63651bc796e736f8f909dc502e28af49f075c73
SSDEEP

24576:OP0t5UK8l3DjnZsaBvpqrg1jW/xeDOe0DTTU0SAo54FKMF:OP0OD96U1jMYie0DXU0S70KM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Quotation.exe

Files

Quotation.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ