qQUZ.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Quotation.exe
Resource
win10v2004-20241007-en
General
-
Target
24122024_1655_24122024_Quotation.gz
-
Size
875KB
-
MD5
00b7fefa6fc125bb4753c05296e9ef76
-
SHA1
82af869dd2774ca08e35d07d70cee1b40e70b486
-
SHA256
bdade424b285ccc8e249a2d1a485e35429ee4b6b2e168c65dc14b21463d346fa
-
SHA512
54f2d282b305548b5962ccd956a6a13ed0134eb204d4622baf5c3d61070876673e1c56c8f2fecd7c868bae9fa62eef7ca65f27a0e89273b6bb77fadd7dfced71
-
SSDEEP
24576:uiVIL7TfOkBkzIp6OBdyFGdViW91ZHwOTX3vq1TgEDLfc:uGATf3BkzIpP46VRHHrTPq1TvDLfc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Quotation.exe
Files
-
24122024_1655_24122024_Quotation.gz.rar
Password: infected
-
Quotation.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 937KB - Virtual size: 936KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ