Signed Document[.][.]exe | Triage

Sharing

General

Target

Signed Document..exe
Size

2.5MB
MD5

b04baf73f6244754828f8583d110dd88
SHA1

651c010d7d52be0dd2dad5f1408dbddf5a1e4e87
SHA256

86a38c7be7f024035b513355c83265e1e210a2c82329839538a734ad75275d7b
SHA512

63d2d8bccd200661846564f894eae8ed0bce14e7f92da5ad2a4fa0adbb637ac20c31e95e73803d665d950c0dde144fa06bf7c90419dac831c40b0cc93e568640
SSDEEP

24576:d9zZqnxodZVAZgodXA+8NOxmSNfQ7GglYK68zcJAzQf2jYlnucOYZaxR7Ryw:d6odStNWOolY4YJAEf2oz/cxRV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Signed Document..exe

Files

Signed Document..exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ