1_email[.]zip | Triage

Sharing

General

Target

1_email.zip
Size

509KB
MD5

d7e0b9f679bafc78cf5aadd5c3480545
SHA1

185bf43e476b4027492ace2b73d69cf0eb1ea875
SHA256

5fab2b5a50f8f9432a51f9e9538b1151d6cff93a2744144a8e2263f7f462e231
SHA512

a76d9f17434f56e51fa33cd0498d4dafc4fc348b2fa19fc5d919f2173fd38651c3ec47c2380d95fb723e43a3f64459e19c3e2e3414cd08c49f3911d3e0d17a7d
SSDEEP

12288:XnLaBzLTZGXZ+mStdggO7N0nTuL33nkXvICwCkcw6MOIMJ:36rZGotd1KN0n3HnMOr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/pago 4094.exe

Files

1_email.zip
.zip

Password: infected
32b4f238-3516-b261-c3ae-0c570d22ee18.eml
.eml
- http://facebook.com/
email-html-2.txt
.html
email-plain-1.txt
image006.jpg
.jpg
pago 4094.r09
.rar
pago 4094.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mKkHQ.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 521KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ