06062024_0748_06062024_PO45310020--Qianjin[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06062024_0748_06062024_PO45310020--Qianjin.zip
Size

635KB
MD5

16729f46e49bdc4b067b913f16e70cea
SHA1

d1901039d2c691a6c5a3c3aced447af803509e4b
SHA256

ce46631af186a118d9aa6ab2c7b3a07bad209a5d0de93310e58dafa4e2de985d
SHA512

5bec2c607f6f97ff227265fc15d4ce112da90064b333c93e9f9cb92461edce8b591eb586fc58c78aea63ccdfc2824e0669cc1186b1371705dde262568e095284
SSDEEP

12288:8hVQ4CeIhKgAOXUw8Q55MzszSYTLbjOglqQLVcKkqhF71JVVDSDjP:88hHKkUw8QUszXXjOELmxqhh6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PO45310020--Qianjin.exe

Files

06062024_0748_06062024_PO45310020--Qianjin.zip
.zip

Password: infected
PO45310020--Qianjin.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 671KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ