conhost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

conhost.exe
Size

394KB
MD5

068ada7b75b96674703b175e35e0a9ff
SHA1

e5f9c485ef731283c8268f92d4c0f146fdcf76d6
SHA256

7b2f0e1120d8c59a831c6ec052d7f5848e533cfc4c2700bc16d9d925296dc43a
SHA512

fa762e606318cb0cf67c645f1f5e222246277475caaede083f88ddcc60601454191b3ffe64ba8e2a601f58244777e5ef93422a0a9e80f7abe333aed6a8be1aab
SSDEEP

6144:XYZPtUbuUKx4D4Pt5laac8hWPD1XxImyRGlWu:X/Jj6HkgWPD1XmmmcW

Score

N/A

Malware Config

Signatures

Files

conhost.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ