Position_Loader[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Position_Loader.zip
Size

4.6MB
MD5

7877939fb7f6eeaf9a83b59b33a025bd
SHA1

f9d5c66cf65862e91189167ea71393a42880088a
SHA256

ff4bd2041e8ea090c1649403cb3db8e0a31bd5b1299ff9033527308d9785fcb8
SHA512

a7e7b98ea3a8c98fbdefc54445383bd986c7ef0f2ed702c35579bd00fc81d92f858a9df3401386364659936974697955932b6883156252201615f068a6a5d5e7
SSDEEP

98304:qUhpnB3nMb1nXzb92byIEr5IvL7LrWAiYT7JRfRHE6u:qmB3nMb1nXEyJGvv3xiYTlBU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Position.exe

Files

Position_Loader.zip
.zip
Position.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Position.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ