quotationsheet[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

quotationsheet.exe
Size

703KB
MD5

d1e338f0c608088b7b5aa2e20c3df8ca
SHA1

e27a61a67b4c103595135df9567cac7152d93765
SHA256

d3b852f73cf956335e5cd16bcf94d255065c04b13dc9efb34fe52fdfe6ffed2d
SHA512

2664e688950b24991784c62c7e898f23d4d95b8847122add721ce1e88030b84456c54394ea23488d840009a74032d799db004af9ffe9e352f5abb02061ca9b97
SSDEEP

12288:nbhdAAU3oYkb4oGrX52fAXAxySliLh4oIhoBIBAjdHU5TCsnX+phDqM9FDv:nHAZo1FiJWAQGLCoIK6AFiGsO7D9v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
quotationsheet.exe

Files

quotationsheet.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\may\31\NAM\obj\Debug\NAM.pdb

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ