0-20[.]eml | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0-20.eml
Size

60KB
MD5

0b0be7e2a196103ac685b5f88dd4b28e
SHA1

a2544a20e7eff2cc08923c162236018cecb50f7c
SHA256

81cdff1c1747a898c3fb0dde2e46dbde0bc8d42f5b8345de6febe0200857c68d
SHA512

66b68b54c7714845578acee86cb1a6278869f541b46eeca06c8dee9b4eb22814a317e330c112ca16e906d2f02b2bc1a0f7c0989d0f1c7dbb7d96351586d2271e
SSDEEP

1536:I3TPsdfI1/666J/YtN4xye94wDMacL9VndhNwsJ:I3Ye/6dwAy/tzhVndhNl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/QUOTATION_MAYQTRA031244PDF.scr

Files

0-20.eml
.eml
- http://www.rizzutoimbottiture.com/
QUOTATION_MAYQTRA031244.z
.lzh
QUOTATION_MAYQTRA031244PDF.scr
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-1.txt
.html