ENTIRE_MESSAGE[.]eml | Triage

Sharing

General

Target

ENTIRE_MESSAGE.eml
Size

246KB
MD5

4a45631801f58a540ea6b0c3061cd609
SHA1

38aef54a004cdc43a11dfe06b9a44b88bbe03534
SHA256

eb23dfc37618b0adff26812a8cb25ae23ea81a5d2742e39b7b8e18777932a23a
SHA512

df5e8c69a437247f33472afa728e44332852e6a5c7618506c0d4cccbf5ddd06bc2089425460112db46f717805d742f87a3b7e50805c11488aa938bfa52e28336
SSDEEP

6144:Pg2weEZNKmBc+FhrOMe2S3uYWGIzIu6rnLfWNeLOM+LTjb:MzRSSje2S3hWGIzQz6M+vjb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/NEW ORDER QUOTATION.exe

Files

ENTIRE_MESSAGE.eml
.eml
NEW ORDER QUOTATION.arj
.rar
NEW ORDER QUOTATION.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 614KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-1.txt
.html
image001.png
.png