e071783b4f072df4982a4e676b5b4c08 | Triage

Sharing

General

Target

e071783b4f072df4982a4e676b5b4c08
Size

289KB
MD5

e071783b4f072df4982a4e676b5b4c08
SHA1

1d292815771503df127a8e5ebd00dd447d8dfe6b
SHA256

ba02722034f9381898b65e8f64ab7ec2e77cdeaa3bc7a3351b1241161611cb73
SHA512

bff3837bdad2b02bd7aac437d12060c008a25a9c1711f21ac17d7498422dd979daeaed37ea3628e5c4546d37cef190fe0f8b335a15cd21a142ad6649c0e9f1c1
SSDEEP

6144:DikYf1udmGRTYQULtxgt1fOeSSNLknEBgNqrmwIWHOaC3ujgdX+5E:mkYdBG9MLTg3OeSmLkEBgNqiwIyYVO5E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/b123.exe

Files

e071783b4f072df4982a4e676b5b4c08
.eml
b123.rar
.rar
b123.exe
.exe windows:6 windows x86 arch:x86

439ff53323e9506db8654c0d8af9cf37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumTimeFormatsW
GetConsoleOutputCP
GetLastError
GetModuleHandleW
GetProcessHeap
GetStdHandle
HeapAlloc
HeapFree
LocalFree
VirtualProtect
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenW

ole32

OleUninitialize

user32

LoadStringW

msvcrt

malloc
memset
towlower

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 765B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt