cscript[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

cscript.exe
Size

159KB
MD5

e1dd134e19e058147d1a35477289c18e
SHA1

b01ad73f2569bcaae1ecf1dff8952fe1d3a8360c
SHA256

2c0c92b939cb47a64ed6942e63f759974b0cc8a30eb401984f172ea3cc0730dc
SHA512

a7f109d10912d0ee5d8b2d609064b1b84d883c81c0423ca9855c7710e124ee8e6308a09898fca8f918f63552834e3595b47976cc48cbe827cc37617b53b14a25
SSDEEP

3072:yrPQPDxl6mHuN0OZdrV5m3X9SeykoZ9UKdGxBZgNJ6IZxtt:yr4LuNHZ1+3XnwsBZ+JfZh

Score

N/A

Malware Config

Signatures

Files

cscript.exe
.exe windows x64

e26852ef46cfcdc679c63dc95116db13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SearchPathW
MapViewOfFile
GetFileSize
CreateFileMappingA
UnmapViewOfFile
SetLastError
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringW
GetPrivateProfileIntW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetVersionExW
FindResourceExW
LoadResource
CreateFileMappingW
ExitProcess
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
GetCommandLineW
WideCharToMultiByte
WriteConsoleW
GetLastError
GetConsoleMode
WriteFile
CreateFileW
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalAlloc
FormatMessageW
GetProcAddress
LocalFree
FormatMessageA
LoadLibraryExW
FindFirstFileW
FindFirstFileA
FindClose
GetFileAttributesW
GetACP
GetFileAttributesA
GetCPInfo
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
CloseHandle
SetEvent
CreateThread
CreateEventA
GetUserDefaultLCID
LoadLibraryExA
GetTempPathA
CreateFileA
GetSystemDirectoryA
GetTempFileNameA
FlushFileBuffers
GetFullPathNameW
GetFullPathNameA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

msvcrt

_callnewh
malloc
memset
wcscat_s
wcscpy_s
_vsnwprintf
_wcsicmp
_wcsnicmp
wcsncmp
_itow_s
_itow
wcsrchr
strcpy_s
_swab
memmove
_vsnprintf
sprintf_s
swprintf_s
__C_specific_handler
memcmp
memcpy
bsearch
free

oleaut32

SysStringLen
SafeArrayGetLBound
SafeArrayCopy
LoadRegTypeLi
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayPutElement
SysFreeString
SafeArrayCreate
LoadTypeLi
SafeArrayGetElement
VariantChangeType
VariantInit
VariantCopy
SysAllocStringLen
VariantClear
SetErrorInfo
CreateErrorInfo
SysAllocString

ole32

MkParseDisplayName
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoRegisterMessageFilter
CoInitializeSecurity
CoGetTreatAsClass
CreateFileMoniker
CreateBindCtx
CoInitialize
CoUninitialize
CoGetClassObject

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
ImpersonateLoggedOnUser
IsTextUnicode
DeregisterEventSource
GetUserNameW
RegisterEventSourceW
ReportEventW
LookupAccountNameW
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA

user32

GetClassNameA
PostMessageA
IsWindowVisible
DispatchMessageA
GetMessageA
GetActiveWindow
MsgWaitForMultipleObjectsEx
LoadStringW
LoadStringA
CharNextA
GetWindowLongPtrA
KillTimer
PostQuitMessage
GetParent
SetWindowLongPtrA
PeekMessageA
EnumThreadWindows
MsgWaitForMultipleObjects
SetTimer
RegisterClassA
DefWindowProcA
CreateWindowExA
TranslateMessage
GetClassInfoA
SendMessageA

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e26852ef46cfcdc679c63dc95116db13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

oleaut32

ole32

version

advapi32

user32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 3KB - Virtual size: 2KB