powershell[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

powershell.exe
Size

45KB
MD5

358030cbe139e66c54533f8fb711ab6c
SHA1

e3908bd5bc0b1c840c652af2a7e8170fd8839cea
SHA256

849f98daaaae879d5e5d7c842f03b1a21058f8caa5874e3ea1e0bf88623deede
SHA512

1a7437955d4b59142fdaaaa7439bf7b3797aaf2e0297be7aa3bc54715bd4ac13d0adceb6c777e8355cd7b8e48e2f21616b37d9cfa1daaec441aa1222e18b88d3
SSDEEP

768:xvAXJ/Myim9l8BQE8aVA9LDuT+vhv98q2jF1IwF/0Z/yqQVWLov+u1/M:mSyim9aBHqtSyhvojPmnDkWsU

Score

1^/10

Malware Config

Signatures

Files

powershell.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ