103ddbecf62984789f874fb2d4ec846feeef6d40c191bc35285379a7c6d77228 | Triage

Sharing

General

Target

103ddbecf62984789f874fb2d4ec846feeef6d40c191bc35285379a7c6d77228
Size

409KB
MD5

845f30f2eb3538e95b984784090ee1b1
SHA1

dae418bbb418d0cf4b7488e8143afe52105cdf70
SHA256

103ddbecf62984789f874fb2d4ec846feeef6d40c191bc35285379a7c6d77228
SHA512

ef9cc82b00f1d033b5768dfb9f102e35692f7ae6f6ab92bbd2085630353ca70571335f465a53ffcd1d90b55b72eb90d7dee10c1a368ed9b806fd2cb73869cdb9
SSDEEP

12288:gr8LXWPG+wYDt4XdSm/5veBKwzMgku5NG:08aPb3s7/58KXBuy

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/Quotation sheet.doc	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

Processes:

resource
static1/unpack001/Quotation sheet.doc

Files

103ddbecf62984789f874fb2d4ec846feeef6d40c191bc35285379a7c6d77228
.rar
Quotation sheet.doc
.doc windows office2003

ThisDocument

NewMacros
offer_pdf.bat
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ