C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\Fallkyriya\obj\Release\Fallkyriya.pdb
Static task
static1
General
-
Target
message__6554654a148aa91baa81eba864949685_grupofitec_com_.eml
-
Size
877KB
-
MD5
1ff4d48987364107f32975494881e718
-
SHA1
f9d335b6cf99b5e6ff82878bf2062977dcbc3489
-
SHA256
88d329bc79df8872e028b644de8a28cbc2608f632f841dbb21ffa4fa99d8ca85
-
SHA512
90c6cc027e415dcf7059a61fcb0e50274d0ed6f4384d3287542087d2fab51aa6d0644c987d568a4f9b3be39ee675c082f6edb4e58954d7b483690b352e7716e7
-
SSDEEP
24576:FNV0p5+YBUhQusEQvnoea/vD2naQFnuiL:JcVeD2aQVx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/Facturas Marzo.exe
Files
-
message__6554654a148aa91baa81eba864949685_grupofitec_com_.eml.eml
-
Facturas Marzo.gz.gz
-
Facturas Marzo.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 133KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Outlook-5widawpz.png.png
-
email-html-2.txt
-
email-plain-1.txt