QUOTATION - RFQ2496_PO 08775622879[.]pdf(87kb)[.]lzh[.]rar | Triage

Sharing

General

Target

QUOTATION - RFQ2496_PO 08775622879.pdf(87kb).lzh.rar
Size

3.6MB
MD5

3433a2076f4096a34abc93d4527b2749
SHA1

e28e53b5a65b51c7fc46b6b84e22dadbb6bf2b8b
SHA256

17a4a1dd4588641ec5eb6ce7986b3c35ff57a13b6693f0f886339d29c746947d
SHA512

cc86c4a6591dbe048125453d57e8a04dfe753eb9f8ce05f715d52b4ca4ab57d996dccc2f323f431c0344124e70155a57d26d3aab86370a727cbac193b2305e00
SSDEEP

98304:Wa++aY0V2b9RlgjRQfMno6G2EUBfGkRzPLetj:WGb9RWjOfMo6XEqGyjLcj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QUOTATION - RFQ2496_PO 08775622879.pdf(87kb).com

Files

QUOTATION - RFQ2496_PO 08775622879.pdf(87kb).lzh.rar
.rar
QUOTATION - RFQ2496_PO 08775622879.pdf(87kb).com
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

YgrU.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ