19092024_0050_18092024_PR2409-1513[.]pdf[.]rar | Triage

Sharing

General

Target

19092024_0050_18092024_PR2409-1513.pdf.rar
Size

581KB
MD5

f028c276f5d4a51f35b8bb04c2c3ca44
SHA1

5f3cf4ad6f23b327ca230da29bccb17325372e43
SHA256

0fa5bc9dee4c95c6fc9468aa5193eaba99fe766b28defce9e9878677b7c398bc
SHA512

f5eaae5285275516b08cc224701fa9a23b6c8674f5dea1311844f05cfb5fceb9a7670813158bdf18b26652c87c79e8e3a6191dd3f0831cf3d259b8fd503ef99c
SSDEEP

12288:+e2/zcYtGolqYfpmGr5OfsYbbOrnEt9zd9Xh1dolQJsKVa7dvStXnLnRaN5HXsLu:+7hbpJM7KrnuXh3fJsxJqdE6cr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PR2409-1513.pdf.exe

Files

19092024_0050_18092024_PR2409-1513.pdf.rar
.rar

Password: infected
PR2409-1513.pdf.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

xSWX.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ