15797564897[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15797564897.zip
Size

631KB
MD5

dc37c11ab49999f508b73e2c9dbfd752
SHA1

3372016b163782528ea266359a11cab6ca2b4e94
SHA256

865f194f7e86117522b9afd60af9da7e015260ff07178855a3df5ef058004ea5
SHA512

1f9cdf3222f9c618a570942327f992d4b5f355c815d4428777c16ebbbf83ac00eb16737efbbd042384cd80b1d018e1852218807b1ae65a2ea5e981bd8b2c7136
SSDEEP

12288:ukS1pO9gyQQpe+Q4EuZRcx2+ZICQ2lKHkaVPtgk+5qbMUjR:DS1EJQf+f9XmBI7eKj5K/5yMUN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/Shipping DOC.exe

Files

15797564897.zip
.zip

Password: infected
5de2e07487dc09c0b6c494dbafa88dc8b313777f76e075258fe018ee7d4c0f5c
.eml
Shipping DOC.rar
.rar
Shipping DOC.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

IbUA.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 609KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-1.txt
.html