19012024_0106_documents_PO17012024[.]zip | Triage

Sharing

General

Target

19012024_0106_documents_PO17012024.zip
Size

1.7MB
MD5

20eb785c47dd0f5554cca6be8f393f6a
SHA1

cc5ce8757f78529e47244fd6645211e375e854e9
SHA256

3b1a4e1dfe4ef2c26fa5fd639781d3bcd829148950c2b5eb131d787fb561bac6
SHA512

89716c60fc94465d1de4f721405f3aa030b2d570b879dce46737972325cacd13329e6b4c73608f09cb5173b2e4a64a4890706919d523b1e6009f3fefa2051d87
SSDEEP

49152:jznQAbuosR9h5u5yFdGvXpNG7J1PtoC/SoU8:LbudR960Fd4ZNG7JH/97

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/documents_PO17012024.pdf.dll

Files

19012024_0106_documents_PO17012024.zip
.zip

Password: infected
documents_PO17012024.pdf.dll
.dll windows:6 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DKPQbOkEZ
OutOfProcessExceptionEventDebuggerLaunchCallback
OutOfProcessExceptionEventSignatureCallback

Sections

.text
Size: 762KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

QI<niq_
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
launcher.bat