fontHost[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

fontHost.exe

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

fontHost.exe

Resource

win10-20220812-en

dcrat evasion infostealer rat

windows10-1703-x64

17 signatures

300 seconds

General

Target

fontHost.zip
Size

2.7MB
MD5

6683ebcebdf59fa974e125c602281816
SHA1

f9338cbaac9c3e47538b4c5b8ca6042783bb9d3f
SHA256

83e53688efae71b0616248b134c9c02cb2dbc26225559e3e51cf970bc0736728
SHA512

4ef1777d7dd54e3836b0bc2839396cf5ab9eb72773c12ebc4a079749ed95fa5d58cddad0f67c5de1b2accd6b47626cc566e8f79d85116bdee34b182886c2efa4
SSDEEP

49152:EA1Ng8mEVLGTMnW/nj2zapwXN0RzHCHfXdPE8FuboRT:E/mMYWqkwXGmvdPXFJl

Score

N/A

Malware Config

Signatures

Files

fontHost.zip
.zip
fontHost.iso
.iso
fontHost.exe
.exe windows x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 354KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kkfdgmwr
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gxotdcog
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy