poshc2 | dropper_cs[.]exe | Triage

Sharing

General

Target

dropper_cs.exe
Size

18KB
MD5

54628e3d4956efcbce04ebdd20eb5342
SHA1

9cfbec77418ef8572619928e055331a62ea31eee
SHA256

a51a7662d835e2db5159392b104f7e30cfa931341d3bf7c30d5667c7c2b3397f
SHA512

796d014f8eedf2a056ada9ade04fdd0e147e199f9c01e7a11c15d5cf4f561be4da7fd12d859e17239d77919cf7162081be6f1015bb26227ab23adf8c9cf1eb7b
SSDEEP

384:mR1O1HfA6c76wQ/J1O95acb43vK4oTb7VnwbN/4wy/jKXuQT:oY1YUBcfVneGrKXHT

Score

10^/10

poshc2

Malware Config

Signatures

PoshC2 binary 1 IoCs

resource	yara_rule
sample	family_poshc2

Poshc2 family
poshc2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dropper_cs.exe

Files

dropper_cs.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ