C0R581684T55406296[.]eml | Triage

Sharing

General

Target

C0R581684T55406296.eml
Size

1018KB
MD5

5e59f04cc79f57059bb5753a9755efd3
SHA1

475f9f466fc1659dad3da8e74279d45f64810340
SHA256

5843ad83ae98b48fb8cc5d4983eb97bb591fb8dbee18d8c605feed5ff4ef7035
SHA512

403895e937a1a600e2f520a7caa79debccad0b3916012213e4f1a2a554ba79fe268e5d9d7977010dec69142f7dc07e335a7d5ebbb1c9cd85c0fff046ab29e86d
SSDEEP

24576:+MCLQPvqnqLxZeFQS8S/QUNozyFWOZEERu78Y2ITd:FLF1anMyFWOjRyZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack003/5te4PIwT1yN3uoO.exe

Files

C0R581684T55406296.eml
.eml
AWB_Ref.;5839077413pdf.gz
.gz
5te4PIwT1yN3uoO.tar
.tar
5te4PIwT1yN3uoO.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 928KB - Virtual size: 927KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dhlMedium.png
.png
email-html-2.txt
.html
email-plain-1.txt