PO[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PO.zip
Size

602KB
MD5

03f6a98fa40b2380ce40b4c992929d0f
SHA1

87fafee764b1c88ac3b8dda0be7e20986d4ed703
SHA256

ba4076337b0d0670cb01c9dd326ba48a0def62d976e1ab4114ed83c0865b8da7
SHA512

2ea7602b7e96c3e69c5c1c94259e4e49bfae5be71bd9f79923cfc7cae390eea68fb369476f35057c74df7b5e007e819a32b2cd86b395a1d14eef43b995cb89e5
SSDEEP

12288:3cOURetIxxUMoCSbuRSqjI+mgtSHhokJiKhXNNWuz7tPT2W7wowDR4:3cOGQI0MiJqjvmgtSH/VCgt7jwZDR4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PO.exe

Files

PO.zip
.zip
PO.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ