Triwn.pdb
Static task
static1
1 signatures
General
-
Target
viruses.2023-11-08.zip
-
Size
4.1MB
-
MD5
8b3563afda8ce35890255139f2a15ea9
-
SHA1
007d157bfbc3c598e180eb0dbc3e6995c5f3aa46
-
SHA256
4748efc26d5ab69d454c0a3bdc50269cfd4a3c32fddb2341aacbf173b515e7ec
-
SHA512
94ab2f09a9cef33727199a345cbde3973cfe30c7679ee72034efe4968dacfd3cdfe46d945e4cf3c12ebca4478ea8e2c3da6cbe05f5ebe3b659afceac9a10952a
-
SSDEEP
98304:cgL7D0/k3BfWrTWRuPVU+G9NJYmS9lktp6Mqgrar:5EVtGrK4unB
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack003/NEW PO #0421 - 11.7.2023.exe unpack006/PO TKHA-A8816001.exe unpack009/E00100000635.exe
Files
-
viruses.2023-11-08.zip.zip
Password: infected
-
156084137.eml.eml
Password: infected
-
NEW PO #0421 - 11.7.2023.gz.gz
Password: infected
-
NEW PO #0421 - 11.7.2023.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
email-plain-1.txt
-
156085281.eml.eml
Password: infected
-
http://www.hotenda.cn/
-
-
PO TKHA-A8816001.rar.rar
Password: infected
-
PO TKHA-A8816001.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
imcCx.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 780KB - Virtual size: 779KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
email-html-1.txt.html
-
156088757.eml.eml
Password: infected
-
http://www.yusen-logistics.com/
-
-
E00100000635.zip.zip
Password: infected
-
E00100000635.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
email-html-1.txt.html
-
765600239.eml.eml
-
765607989.eml.eml
-
765624605.eml.eml
-
765642849.eml.eml
-
765658284.eml.eml