63c67b3fd10686fd7d4a3552d84aa88a[.]zip

Sharing

Target

63c67b3fd10686fd7d4a3552d84aa88a.zip
Size

469KB
MD5

85e04ab8aec97cf4920222ae181ca240
SHA1

8fbd31804c9f22909d4e4601cbac7b3ffb39204f
SHA256

27e99a83d076d11fb1d1d9900edbad696f2f2a5ba528e1f8c0c1b8aeb112bbdf
SHA512

ffaa9bea78714c7f58f8592b70a2a06bc1346e9e7e151542b0f944068700c627ffb45792ece45f8dbf6a9fb6729a7501407704ae9bd2f5a4d3395f8d6624c42b
SSDEEP

12288:3EjGz7cYttEU48uzb6qlh0NA8ZHyvbZVBSngkE:3kAtt4P+/1ubjagkE

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/QUOTATION FOR NOVERBER .exe

63c67b3fd10686fd7d4a3552d84aa88a.zip
.zip

Password: infected
5255df65c36efd6375da49e34a82db8538848f4fc231ecc8397878aabeaf33f8
.eml
Password: infected
- https://lines.coscoshipping.com/home
QUOTATION FOR NOVERBER .rar
.rar

Password: infected
QUOTATION FOR NOVERBER .exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-1.txt
.html