INV-YS-8487-23-POLSTER-RTK2[.]0-SAN LWIN_doc[.]cab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

INV-YS-8487-23-POLSTER-RTK2.0-SAN LWIN_doc.cab
Size

535KB
MD5

2d25fdc3c4d165632b38b1f7cc82a819
SHA1

6e05a70066f454e954b43f55f7095b3afd4d7e6c
SHA256

cdcfb3a4f32e2ba1ccf48a5fd68bd8af29f408d97914d206b9e96686116fb63e
SHA512

aca108f6e55604dd14eb7f146fd1ef47060e7f6e101525925f53ec94ebc492f6304d3f6f7cbd880146f8008914fd2245f33e99b8d206860067f5ad0c50d30da6
SSDEEP

12288:3fFPHsAnvOGymH13F9rQk5rJuwxAg6rPsBLrTWv+Bha:vRxnmy13FZQkl0gosVrTWcE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/INV-YS-8487-23-POLSTER-RTK2.0-SAN LWIN_doc.exe

Files

INV-YS-8487-23-POLSTER-RTK2.0-SAN LWIN_doc.cab
.cab
INV-YS-8487-23-POLSTER-RTK2.0-SAN LWIN_doc.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ