Quarantined Messages[.]zip

Sharing

Target

Quarantined Messages.zip
Size

659KB
MD5

ceab958bb380440363a03fef7380c5ac
SHA1

1fc6aebd274f84b644754ee925552055b15272fc
SHA256

1dc0175672ce78ca1bd1f9a90fe0c8b1e8a8b245ab090bc8089c552969315047
SHA512

18f85182843a38bf266811c3c8751cd91a1839ac751355a7fd0c2cbe1303b33306209bf6e1a62bd91fcf0a5e084ec3fac92d21e1d3837a3a965755f6664ec8ce
SSDEEP

12288:w7Uj5ulKBkpf4QXugJdKH92PPQk3zScLDAzQDCuMQVY3BHgAisUa+Na9KL:w7i5oekQUPQ00zQBVAEL

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/INQUIRY FROM ERWEKA.exe

Quarantined Messages.zip
.zip

Password: cyber
86f6176e-2463-4338-7b8a-08dbc1688c16/baa6e9e4-74ba-393f-a194-752661d0888a.eml
.eml

Password: cyber
INQUIRY FROM ERWEKA.pdf.gz
.rar

Password: cyber
INQUIRY FROM ERWEKA.exe
.exe windows:4 windows x86

Password: cyber

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt