documents[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

documents.exe
Size

739KB
MD5

0bcb54c360edfe2011c5ff9013d97c44
SHA1

2d78dc803eedc9058ddd8898565fde2699de75fb
SHA256

fa94a5c024e6156dd957cf797e393b8ccaf125491763cb97a8fdaaa9c8803940
SHA512

5281b53886b4a7144c23a448afe6461c2f7e8b8516d735981090e57694e39fae04f4ed23c5fefcbf13465111258cf79105e413e893a6adbca22a6c992032877c
SSDEEP

12288:2S998yfb/WT4UkuZb5ogoO2+8zonZAh+KU4IoDm0VW0jPFbHnYPt0dAA:t9RfzW/Zb5oXdV2pgbjnVA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
documents.exe

Files

documents.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ