MsMpEng[.]exe | Triage

General

Target

MsMpEng.exe
Size

185KB
MD5

b3dc35b1675f84a175d1f437f640d93b
SHA1

5f759dce51a5a95f9b0f58e8aa83dc95d4526cef
SHA256

4fbf1458268a5b2cd029d46cb27571ea6da9ac37a194001bb55bbf361853fb32
SHA512

4fcfd79af98c30852fcf6cb89c708cfa3800ea5174885f7278cbee0f1fb6de15dd88c563be087b2c61551b5932d25d9e1b0269fe68683df6a5a75d64ef07e599
SSDEEP

3072:NRmFoCuoqId5mtT4XOyVop6PsoB7LTKTeFq3PFU0teELdGJ6:NWuamR4XOyV5R7LUPS0t30J6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MsMpEng.exe

Files

MsMpEng.exe
.exe windows x86

77f13bc24efea5a05601b43cf44d1f1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
SuspendThread
Sleep
CreateThread
WaitForSingleObject
CreateSemaphoreA
WinExec
GetSystemDirectoryA
GetWindowsDirectoryA
FindFirstFileA
FindClose
FindNextFileA
CopyFileA
GetSystemTime
MoveFileA
DeleteFileA
SetFileAttributesA
GetCommandLineA
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
GetLastError
CloseHandle
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
CreateFileA
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetStdHandle
FlushFileBuffers
SetEndOfFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
LCMapStringW

user32

SetWindowTextA
EndDialog
DialogBoxParamA
GetDlgItem

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77f13bc24efea5a05601b43cf44d1f1a

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 10KB