Quote[.]lzh[.]rar | Triage

Sharing

General

Target

Quote.lzh.rar
Size

858KB
MD5

1ee5ae50ff6ddf23d220f20d90c7bd59
SHA1

b9244d806463d1477d136dffff0facaeca7ff78b
SHA256

7864d31f7ccf35934bbab34115c83952b94dfc7223929ac03fefac2b17ed7927
SHA512

ac0deff430b2bd83c8886162d097fe4fa9cca9cc1dc2e5beb98fafa9e60df0b85c098dfcd51c8a462732926c4965bc349028fd224fa09004899e1112a37761ac
SSDEEP

24576:F8EFCciF8GAenkfJo9ekN3tGTpJlPi5ssaeAPdig:F8ErMkfJo9F9epPDeAPdig

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Quote.exe

Files

Quote.lzh.rar
.rar
Quote.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

yQev.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ