10082024_0414_09082024_solicitud de cotizacion[.]bat[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10082024_0414_09082024_solicitud de cotizacion.bat.7z
Size

222KB
MD5

022d4898594e3b56e5c2f28ec0204190
SHA1

04ed3b75411595f69ba0e2746de2fa63a6923054
SHA256

5a3806b4878d8e062243a9d667473b40bffcd33f15cb881116cfdc1361ff7e4d
SHA512

3041f01452e5ad14e429231ddfc9edad4276e0ab8f2a745e08c5a53a34bc14c87afd08825e3f138a2854f60c733768dfeaf5f957aa3eccb2368348437041dccf
SSDEEP

6144:rhYkO6P70CNkU3cgG4gNcPa6bDJfrdpyone63vrKHOWPxUk:LO6P74U3cgYx6PJzdTTkPxUk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/solicitud de cotizacion.bat.exe

Files

10082024_0414_09082024_solicitud de cotizacion.bat.7z
.rar

Password: infected
solicitud de cotizacion.bat.exe
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Documents\CryptoObfuscator_Output\11GHDDFJH765.pdb

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ