quotation[.]pdf[.]z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

quotation.pdf.z
Size

616KB
MD5

981426401882e5c4f71d3cc27e9f1af8
SHA1

3fe81dc04fc37b57c621055989d7d9db10f3fd83
SHA256

039ecc7e34978fb6b2a763989aeccf4560e44606edfee7f8edc383d8e9976ff9
SHA512

3bf10a7bfc74fcec7524bf99cc9c4d726503a4c1110f36e6df65c40bd8c6faf200b11abac17a5768118162db5694839a80d6c2e50ccbfaf7866ca63128897d36
SSDEEP

12288:sp+EI0fo2RUoV88wAMahlwR/3MKgHOWfJRnm/48K9jM7b3g6UCAFzO:M+ERRUoV1wRR63RnmTOMfQQAzO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/quotation.pdf.exe

Files

quotation.pdf.z
.rar
quotation.pdf.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ