QvDE.pdb
Static task
static1
Behavioral task
behavioral1
Sample
documents.exe
Resource
win7-20231215-en
General
-
Target
documents.bat
-
Size
877KB
-
MD5
173aa6b5c260b3e19f1b979f054b02b0
-
SHA1
9ea4da05677968a322acf4330699e76b31676130
-
SHA256
0dd421edda69a829b7b9d025fd81f947085c0b3a54d9025312823a56c2b5df83
-
SHA512
29415d7778eb7d1275815f1bcee0c3f0613f300df29172ab03d63c119491af6ced57c25c39ed27e010c0e7ce7be87de216bf2757480db9fd392b95c1f8282d51
-
SSDEEP
24576:L/UAc8bshd1ixMpqvhnjqJR33ulonktC+FMIpSmUrSGG:L/U8bI1+MMv5YwloWCZU0m7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource documents.bat
Files
-
documents.bat.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 874KB - Virtual size: 874KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ