hareketleriniz [.]pdf[.]gz | Triage

Sharing

General

Target

hareketleriniz .pdf.gz
Size

73KB
MD5

9c20dfac1e8190c1a73f507b7fc1b0bc
SHA1

431d76808d911da257bbb6be05bedf544cbe9d89
SHA256

dd2d8ca6602bafc8c7717f66402fa24743a7b9144d349598c7aa412ce33365d3
SHA512

2a5c5bda5e02ab3a453487555a79c529e82b6af0fb9251d8e309d142742b05905458dd4e6985d2d421b44c8d7e910d1c983fff8fa1464e70a9417b7216e860c0
SSDEEP

1536:ga/xYWbHs0yEA5pox7r10NCwo4LHQx4K1/v3t3/f:gwxOjEAzox7e7hJK1Hx/f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Qfegtu.exe

Files

hareketleriniz .pdf.gz
.zip
Qfegtu.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ