GQxi.pdb
Static task
static1
1 signatures
General
-
Target
C0R98207T18273857.eml
-
Size
782KB
-
MD5
6276e5c4fd329cd383a07b266a6e47f7
-
SHA1
e1c65d0d214ceaea87c02d74a85da10e44b4279e
-
SHA256
eee311b04caf12e98c21cf30f99251da27933f1bdfd7e794139aca1ecd48b730
-
SHA512
1757c4edee7bb012e3bcce59be9057faadd4de97c008cbb9395e7e08845c341d13bebb927e51a6ef6528e5ef59778d338328fa10efed5be2eedc9a9874e087b7
-
SSDEEP
12288:k9ena8OzR3mpqmES6uqcG/zXLyBDpq4wScSqYyi0OyPc09jJLhXX+KmE4XR:U1v3mqS6zcG/XyBDbcSIlP1xhH+KmT
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/Invoice 202400321.exe
Files
-
C0R98207T18273857.eml.eml
-
http://www.energosistem.com.mk/
-
-
Invoice MRT2470.zip.zip
-
Invoice 202400321.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 565KB - Virtual size: 564KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
email-html-2.txt.html
-
email-plain-1.txt
-
image001.png.png