30092024_1158_29092024_PO-098765678000[.]Doc[.]z | Triage

Sharing

General

Target

30092024_1158_29092024_PO-098765678000.Doc.z
Size

669KB
MD5

cd139f64b5dc030a58086466cdb6023d
SHA1

462f2d293789b32b925c43866c1cddb2c00b5a38
SHA256

b812a55ff904cbb2d44d5e857e1f55fc6523c702614a95a5a5c597049a120749
SHA512

9437ac5cbdc98ec2aa4ca76c96ac33ffd31eb816b6134afc6824dab17642bb1e4e85ff4d9a4406d8386e17b07fb12481fb02dc9b8f7bfca929b6dbe7941f7e14
SSDEEP

12288:Vga3qZAUwmwnffA+Qm8AOXSTDA/TS+H10x3X07F5HQcRccVi4iQKonJDZ:qa3Zu+Q3jqo30x3X07L324vnJDZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PO-098765678000.bat

Files

30092024_1158_29092024_PO-098765678000.Doc.z
.zip

Password: infected
PO-098765678000.bat
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

KOPi.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 750KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ