Quotation[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Quotation.exe
Size

659KB
MD5

5fe186dba01e6ee8355f8983bd13944e
SHA1

b5c75991cc0e0e6baa12666691fcf38884d6abf6
SHA256

4e7e2546901dc10eda0b3ec5237250129899018f3464bc33dc626952134435b9
SHA512

3fcbfd546f7477d3d68f5f0b266eb493e49e6012494b00519779c4c8c80ecf67bd3074765dce94f252cd49635a1a7b3066fa2f3f4bbdfb1bca27263f36ceac25
SSDEEP

12288:OcKsWWTVwiuHJBS67H77HVeHG6S7IPOixS1wx3vqzw1RgI7:GsWW5wbHJc67HvcHG97IPU+q+Rgm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Quotation.exe

Files

Quotation.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

RwZQ.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ