Quotation-pdf-[.]r11 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Quotation-pdf-.r11
Size

669KB
MD5

f14146758970c56b080db89771c87928
SHA1

4709a00dfe4182ca6e88a51cbab80e1b95dc0e08
SHA256

d53fd9ed88dea848ef5e9d7db43b74640d32253d73f77c06aed36ff58e38e906
SHA512

fe684301497955a3fea5c40e23486116ab98833b8a21481b4a922cc82c6e0aa4344bca645c645915707d2e741f852fa7ea9b068a6731cd4ca4a16edd9752a787
SSDEEP

12288:ljE8ZbYyraYqDKNwaHhqjUCh5/Bfnx5HyFX88UOpF2xvqUIXrCb8yY1Hbsu:lI6bYFjqgthtdnw5BpF2QXrCbdY2u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Quotation-pdf-.exe

Files

Quotation-pdf-.r11
.rar
Quotation-pdf-.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 774KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ