Pre-arr doc[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Pre-arr doc.exe
Size

630KB
MD5

bcae0e0dca60849e004a322a1b15b1d6
SHA1

38967ff794685bf5aecb37b8da27d289989819f1
SHA256

993eeee9034a444b7000ab0a34402139fb011e89c67b1e0c6758ab79367034f3
SHA512

bd03750e8d3faada65db8dbc869be58189862fbf0015760cc3a45e204d2b4490823877a536a6adb497730a81b6d0993eed5ec9e2b092b7b7cad0b930f4b2b392
SSDEEP

12288:FN7V+zCyUSWDaaAs9SVXCHn40jdzgmpVv2O9/cFPhSGevL/GK4ENz2K:FN7VMMSWmXiSK1buJvej/GEN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Pre-arr doc.exe

Files

Pre-arr doc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ