96064020fdcfa7ae0391095d51787127c413b0d799275aa7be42058efd737dec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96064020fdcfa7ae0391095d51787127c413b0d799275aa7be42058efd737dec
Size

653KB
MD5

40261a7e87e16f4ad0c2672138431499
SHA1

8ce791cb73d93fce2612fa2426f78e60bf3d7b3b
SHA256

96064020fdcfa7ae0391095d51787127c413b0d799275aa7be42058efd737dec
SHA512

a10bf54d7137898d3418872818bfe967c1a0a9ad81a68078a11db3c3394573abf5efdcb9944130ffbadfa14146b35153aa01844bc92a588834b4a7436e8d1688
SSDEEP

12288:eEwEkDmEs8ishDk15CpbKCa88lNTOL9zUt3k3buNRU8bW7WF1cl7YsebGM8F6jUG:R3lEAsh/KCw69zUdobKU8KsG5KT8F6gG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sampl For Quotation.exe

Files

96064020fdcfa7ae0391095d51787127c413b0d799275aa7be42058efd737dec
.zip
Sampl For Quotation.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rllg.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 684KB - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ