ICS[.]CoreServer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ICS.CoreServer.exe
Size

150KB
MD5

1f430995d620d2d5a9f39abbb6b29b8b
SHA1

c63d11f6e113467a3674ff7851bd053c873bc6da
SHA256

7c949d0b0640be74baffa6c8851c445081bdedc7e8d4fa9798389383699fafe4
SHA512

d98a2929e81269b85c44d72635dbb2746840370e15f58ae1dec4f97547d62ddebe0dc933099661f46f5c5210f5c4aae644f2948e9c02bfe0d4a7006a42a6c758
SSDEEP

3072:iem+X6eXkQZq0Sv7azXxJbq0Hb9McmHLDnQ2:ibetZwvGH9+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ICS.CoreServer.exe

Files

ICS.CoreServer.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ