DOC[.]rar | Triage

Sharing

General

Target

DOC.rar
Size

619KB
MD5

3a5a81a4e016d1a76b388ff3fe187053
SHA1

ed2d98cd24237278b41dd4dfd9f6885821052abe
SHA256

e5b1e16daa002f8571e782628879b8a41b664f6430ce76edbf69f5a1b0f3ee0e
SHA512

b2c63dfee9aa366bdd02176fe0c120aafcf7f0055684356fde4ab8bff67e907dcb87d74b7f177c1b92e38b16026f3033954d7aa837037cc417bae9d3f4967ec4
SSDEEP

12288:cW80s0x5S1b0rZuBdDDlxlGozGhuy6G4XxxwSBNPe2rcEhCeIZ:ces0x5S1b0IBdD5x8n4Bxrx7CeA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iu5J6ktsl7y8tiM.exe

Files

DOC.rar
.rar
iu5J6ktsl7y8tiM.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PLvB.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 787KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ