PO # 16539[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PO # 16539.zip
Size

555KB
MD5

accfe11c9fb2a16f528e5147afaee5ca
SHA1

cb5c5bd22d60538356c58efc5bc887ca3ada56f7
SHA256

d0e87e3e00fcccf1709ca7ec50c8ff2521cfbbfcef0eee9559043748ed46a95f
SHA512

a73c6315165234dd8b95ba1e21ec0d933be6b570398ec1cbc82382d956ddb048b238d66b299b764e7005041ffc48899828aaebb2694275dace5fd9611222570d
SSDEEP

12288:ZfRnk/x/WCwCHUtJySOeZOStJ8vsJlWKLlrJkh3:7QgCHHIOiyElWt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PO # 16539.exe

Files

PO # 16539.zip
.zip
PO # 16539.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 827KB - Virtual size: 827KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ