Static task: static1
Behavioral task: behavioral1
  Sample: INQUIRY_pdf.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: INQUIRY_pdf.exe
  Resource: win10v2004-20241007-en
General
Target: 4b38ed91279087b64a22c3295dca641c.bin
Size: 821KB
MD5: d685f97b5d753d747ec6cf887946e18c
SHA1: 34cbd9093f094b21839d0142e1f7567318942b1f
SHA256: 28f1dbc23e2a990bc78165e7557b6702d1636fddde3c39e086b886057061ac37
SHA512: 58456d3f8e9517955ac9d10c7f6ae4d86630f800dc4910b5bd6c54067120a48afd9402d4ff98b5bcfc3c7e75c05783b5bb98c71e50971e2ab5ab5f87eb040a9d
SSDEEP: 12288:0hJkX7M8Y6RSKTzvqXJu/HMLkZPlUMaKZt02E6bCYEq4qflH5IVWjqynHZ:7XLPHFkLkx9Zt0H6bCYPtHGWGyn5
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource unpack002/INQUIRY_pdf.exe
Files
4b38ed91279087b64a22c3295dca641c.bin.zip
  Password: infected
dfdc680a86c616e7d21104ea89e9a2a5032e34c6202b46448c12c8dc99cacef7.zip.zip
  Password: infected
INQUIRY_pdf.exe.exe windows:4 windows x86 arch:x86
  Password: infected
  f34d5f2d4577ed6d9ceec516c1f5a744
Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree
    _CorExeMain
Sections
  .text Size: 861KB - Virtual size: 861KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc Size: 22KB - Virtual size: 22KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc Size: 512B - Virtual size: 12B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ