Static task
static1
Behavioral task
behavioral1
Sample
PO45310020--Qianjin.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
PO45310020--Qianjin.exe
Resource
win10v2004-20240508-en
General
-
Target
06062024_0748_06062024_PO45310020--Qianjin.zip
-
Size
635KB
-
MD5
16729f46e49bdc4b067b913f16e70cea
-
SHA1
d1901039d2c691a6c5a3c3aced447af803509e4b
-
SHA256
ce46631af186a118d9aa6ab2c7b3a07bad209a5d0de93310e58dafa4e2de985d
-
SHA512
5bec2c607f6f97ff227265fc15d4ce112da90064b333c93e9f9cb92461edce8b591eb586fc58c78aea63ccdfc2824e0669cc1186b1371705dde262568e095284
-
SSDEEP
12288:8hVQ4CeIhKgAOXUw8Q55MzszSYTLbjOglqQLVcKkqhF71JVVDSDjP:88hHKkUw8QUszXXjOELmxqhh6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/PO45310020--Qianjin.exe
Files
-
06062024_0748_06062024_PO45310020--Qianjin.zip.zip
Password: infected
-
PO45310020--Qianjin.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 671KB - Virtual size: 670KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ