PO[.]zip | Triage

Sharing

General

Target

PO.zip
Size

478KB
MD5

203ccb260915b852d430bf3a4e0eaa73
SHA1

9f7a0fdfbf07b84900d79ab474a2d6ff26604c1e
SHA256

c5f372e3bf6e6744435d474df4b5a16e49c611519bf0977b0c077b3a7dc7847a
SHA512

751d1473a411e27e07507ebb159126d0a1ef6bd067bc4837172d2f44a7e5250812ecb485eb5854492127438d0b6092b65aa79d02156249cb3063c46decb98652
SSDEEP

12288:qLl4wjrZgO7JCzRJKpV/AXVEbsjA5ML/Mzp5M9BMO:qewj9JCzXyV/AXVD/M1y9BX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PO.exe

Files

PO.zip
.zip
PO.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 621KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ