PO[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PO.rar
Size

819KB
MD5

16e5d68629fa76a6e27182ea02ed8145
SHA1

7998c1539c5f022dc6fd8c416f68ce96cd764854
SHA256

6c76e7c02bd3c784cc216d6c311ecff3d71decda87496a35745a49c5f9ae8e79
SHA512

0a259a276d9b364d5f862142cfa934ce11df227489b340b4d4c66ebe09f55f2ae19786b88390a17bd7d73c16793c4577c6c1850c31005b2f49a68634230e9537
SSDEEP

24576:+PLum5lFs9oK/rPuQQLXB3w1HUoG4HjwdF:y3zFGPur610+sdF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PO.exe

Files

PO.rar
.rar
PO.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 975KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ