23052024_1504_POT98765400098765[.]pdf[.]xz | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23052024_1504_POT98765400098765.pdf.xz
Size

588KB
MD5

65ace8169dd4ebb8fdbcebd41ba7247f
SHA1

0c392d00fa51976c9bbfef6c061568f80c0e6789
SHA256

34ad5c6c83fce7cec4232cbbff121934dfe93db3d3a95738f8d36a02da36d1f5
SHA512

b5a125071b478353e169d1fb778bd2b79782931274467fc2c3b279ab9a7426430783a5b401d3761a1b79536b33e85a1c495453cefa9e0681a98fc1ce5f30f98d
SSDEEP

12288:IP+1I9DinVcbtQMwDenpFmtsVrmm6ZcX3PTxrEkmHSoLJbyWVqoilo9t:IG1DnVGqynWtMK839gSoLJbtRv9t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/POT98765400098765.cmd

Files

23052024_1504_POT98765400098765.pdf.xz
.zip

Password: infected
POT98765400098765.cmd
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 683KB - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ