Shipping document[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Shipping document.exe
Size

566KB
MD5

df8bf1421a9a81e46261a0497e1633a6
SHA1

c0f0b8fa4b4a88dae1ad731fd230fd76730e8f64
SHA256

6043022180880a41f1a49a0c9eeb4a81b151d14705d14409a96711ee65f40e24
SHA512

9a31308393742e37c0a9ad597a11e4fdbc54b5ac900c9a1cf4416a952869e6df09a4b82ee3e11a9dcbb25605abf77789a88475a48949e19d81fe174f6c521aa1
SSDEEP

12288:/qTrQaSejL8ZJ9Bvlew2Dp29MetNvavPg4tmHhWDBhePZJeTbyEx6Ad/m5nvB:/qTrQaSejL8ZJ9BvUVFerCvI4MhWTeB9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Shipping document.exe

Files

Shipping document.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ