19092024_0055_17092024_PO-8776A[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19092024_0055_17092024_PO-8776A.zip
Size

10KB
MD5

9b5a4d5fa52ca2af2fa99859780e6c12
SHA1

9cd1bf8b47ecdd80c35870dfccec77afd27528fc
SHA256

41dc822b7cb79da05ef16aca343023c3f46f551cb40aa753aede80771a539f01
SHA512

3002866eea2532b1d853bd953dc7041460702db231ed5c9fb2dd1cc52c3684391e493969352d43ccb0a314f762e4c6eb781dbe789e98b88e18ab9d76b3ac933e
SSDEEP

192:jvlv2M3w4Z+jaDh/bKs4bf74ozNjU5UPl5S4O4Iyv7KraeS74FrnZC/pyo/eQ:jdvL3w4cjkKdZ5oqLO4Dv7KraeScrepn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PO-8776A.exe

Files

19092024_0055_17092024_PO-8776A.zip
.zip

Password: infected
PO-8776A.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\2023CryptsDone\BloodDonation-\obj\Debug\Elainaopal.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ