MV[.]MSP TBN VLS'S DETAILS[.]doc[.]lzh | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MV.MSP TBN VLS'S DETAILS.doc.lzh
Size

651KB
MD5

f49553ac4e7dfd7e556fa43badd82960
SHA1

06897cf7195183613ad3db8b1b7d6bd64c488047
SHA256

32fa4f2dff8d23fc9b0e70349ab871a7d597ecdface3c36811b49c6e9ad109cd
SHA512

87d29a72cbf08416754611dfb077ec4d62efd50ce4ec33ab596fa3cf39788f90b9200001027ec10e8f7ecc60c02c60c3b997d80a634ff51bcb7dc9e25da14f78
SSDEEP

12288:Fm4/fnuqCvlP6FdGzEkhPJL9jpej+dUb+lw/c1eGCEQn6INob6eXtAM:FNfwRlzEkBLB+h6+CeGY0nXtAM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MV.MSP TBN VLS'S DETAILS.doc.exe

Files

MV.MSP TBN VLS'S DETAILS.doc.lzh
.lzh
MV.MSP TBN VLS'S DETAILS.doc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GVgO.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ