Prefer Quotation[.]zip | Triage

Sharing

General

Target

Prefer Quotation.zip
Size

58KB
MD5

614a012c8c69e306fdb79a9425db0947
SHA1

5d177417714e21338e3b5ce5c05acb3e3ce1646b
SHA256

1f50d3df24794f2bd24ef1c3d5ae6d9aa149aba042733dc03b78ad32a266579e
SHA512

06af58d2cdcfbe2bbe8ff26ad0fd1ca4fef1b6ba0d722d04e638d8d5c5f37a671f5158b944d2d2fc408c30751a5c5e9894f42a0a81d7dc30c9d1d8e04115e8ab
SSDEEP

1536:PlCAEXBSr7SqA+wjsI6rkVjykl+CIyJzUN:PxFO4NIVjyBgUN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Prefer Quotation.exe

Files

Prefer Quotation.zip
.zip
Prefer Quotation.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\Users\Administrator\Desktop\Outputs\sZGMEgujByTfnzp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ