KD_SVR_EMS_2023-10-16_17_03_03[.]500[.]zip | Triage

Sharing

General

Target

KD_SVR_EMS_2023-10-16_17_03_03.500.zip
Size

21KB
MD5

c66f69df2961a18769f9134842f492e4
SHA1

4610d2ca8dc235287f886d8cd8634d43520c99a8
SHA256

94f1941b1384d9c16bda4ae9b35f3f23b64d4f041a2c46c02c77e7dcdd05049e
SHA512

334ad02bc437d051ff6b250ca2733389df4f2499aa5709b45be23e8c9b27fc7d05e36a8a18b83ea0478c76f1c980447085d0fb02300c8bfa59dc86fa2fae1196
SSDEEP

384:NuI4g5eZoQRjmM7Z0bOuhuYTMLfuKApCAURG/LhXhfMadxgFZWM9JaO+RC3FvZP:N54gxQ5zl0bPho7mVzLhx9gFYUJVFvZP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Windows/Microsoft.NET/Framework64/v4.0.30319/Temporary ASP.NET Files/owa/8e05b027/e164d61b/App_Web_xiq1ygem.dll

Files

KD_SVR_EMS_2023-10-16_17_03_03.500.zip
.zip

Password: P@ssw0rd$$
Device/HarddiskVolume4/Windows/Microsoft.NET/Framework64/v4.0.30319/Temporary ASP.NET Files/owa/8e05b027/e164d61b/App_Web_xiq1ygem.dll
.dll windows:4 windows x86

Password: P@ssw0rd$$

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json