mail[.]eml | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mail.eml
Size

833KB
MD5

332d0fa51e587cc88540aa50454e5841
SHA1

5120f638bc2b5fb0a2ef7686d778462f2faaefa0
SHA256

71894c869bcc2e8fd154cb295c969b11cf91a96ce0129e3192c23e4704ce298a
SHA512

5e8fde8b47ecca941d55092d475db6b4a8c7bb0ddbba5aece15cb874e024a9ee6b45939feb0def563aafd022ea22ac76516184d628e5a64b5b08d85a796bdb33
SSDEEP

12288:2V/ku5iCCoCLUbj/us+B81UCHpxdkozVHRSpQ5MMX7MMKmBKBrv04D5dVN:U/v/DP/k61zHBko5xSedLovFb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/QUOTATION.exe

Files

mail.eml
.eml
QUOTATION.zip
.zip
QUOTATION.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Oblp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-1.txt
.html