0-6[.]eml | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0-6.eml
Size

1006KB
MD5

55f8d88eb69567e79259350514fcfca3
SHA1

3b01ab992c350c8178c370c07f5d2727da442cbb
SHA256

dfd5c2d119275cbba47127957eaac01f0740a85ade999373d78c613eed4c7b75
SHA512

8c7a798148c1fbb37929a9e85936bb8fb48906ae8df25b882ffb71a5376b35ca460d80f7a7ad3b18e80a6ff930f7ab3cc64726d1be2a98b81898f806023ce8bf
SSDEEP

24576:M0XGzCFzPoRhYm4yKHBh37AwourU9X5gHuJhB:MoGz2qYm6XYkkB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/MTO-JOHNSON-TF-8548.exe

Files

0-6.eml
.eml
MTO-JOHNSON-TF-8548.zip
.zip
MTO-JOHNSON-TF-8548.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 939KB - Virtual size: 938KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-1.txt
.html