25092024_0535_25092024_RFQ-2413AM-KE2800[.]cab | Triage

Sharing

General

Target

25092024_0535_25092024_RFQ-2413AM-KE2800.cab
Size

17KB
MD5

919602b35d42dc780deffd7195b2326b
SHA1

be33d8bf9f0851108e2da3ee04d87a26221f4b10
SHA256

1a9bd4e3fd45208185bdc1fe2bbac9e71c3d66ebecec27f3ae63d67951d92a42
SHA512

4b72750e5c81bb1808f6bad7f0a8dc29afcc8a8457ed57eca7a8e3e5d704092531af85a64630ad136873954ec5359704270470297ef658d47d5ef1714bbc1b7e
SSDEEP

384:E/fda1TP7EuFE3D9bmHSmTVXKA9Xpu2tD5AUq9kNbgNkv/lDls5oByC:E/lKb4uFEZbIBKA9Xpu2tD5yobgqls5q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RFQ-2413AM-KE2800.scr

Files

25092024_0535_25092024_RFQ-2413AM-KE2800.cab
.rar

Password: infected
RFQ-2413AM-KE2800.scr
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ