mkpub_2851_RFQ[.]xlsx[.]gz | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mkpub_2851_RFQ.xlsx.gz
Size

136KB
MD5

575d1ba2f9407a51afd2bf47fcfbde5f
SHA1

3efe37f53fc1d27b66bed3f7d4e42efa4f81eec6
SHA256

5d38678b702a4757e4d8fb480a3b704bb2f876a44532834cf0e2c2a62a82c86b
SHA512

3d878970c6f69281a1ea74495a5c742c7a33dca1f5ac1cc0b06c601c01bf39bfb3462cd064844381710476d80215d0b4453aada009000f187d36556d39533571
SSDEEP

3072:7BC9RiJ0KEi3aJbRg9VoMt56S89vmf+RWXXMXiGXEp9X9G9i:2iNXAtg7oMvD89OfuiGX69NGc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Wazxswmrb.exe

Files

mkpub_2851_RFQ.xlsx.gz
.rar

Password: infected
Wazxswmrb.exe
.exe windows:4 windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ