mail[.]eml | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mail.eml
Size

945KB
MD5

0d6ad423634144772b1653da19c0175d
SHA1

8190eb2d1e3afa55ae5c7c80c124c326de4c2d75
SHA256

f72d99159f1a9fad18f8b251efb9b754b58d9be263d74601f9babda69174ed0f
SHA512

7a8861d60b48b2214c66b2e03709f39ac52126b3bbd964ba49a6230f7f958820ed5fa6de10d6463fbb7b60a7f4aea8ed3d4291e14207503ba0098afdd740fdb1
SSDEEP

24576:z8rOlgZoCoZ3mu0QTfCd3eXv9phQ3CQinq9Kb9aVGM92:QrOlgToNpoYs3w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SWIFT COPY.exe

Files

mail.eml
.eml
- http://www.clarksons.com/
SWIFT COPY.rar
.rar
SWIFT COPY.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 782KB - Virtual size: 782KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-1.txt
.html