iashost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

iashost.exe
Size

23KB
MD5

b333e0e253f91de8b6fad360217cba5b
SHA1

db4c8e8c5b90c98291b3c8b4a933a8d25a6f1ef5
SHA256

b7d9a6c4ddce7889b63e894279a4312c1e42806aa03ba8ce04d99344eb3db05b
SHA512

7ba86716a0bf35f92bf66b15a7de256818b3463a71acda601a0fb7fc1f3d5ff50249b1ca4b8115ecc627fd2e9f9344287232f9dfe2741133f416d76de7f873dc
SSDEEP

384:+p1Rc815/Xxq3jykP02iWcd2zgEGhGpxLH/+yXK/XtXgkiWruWr:+TRb3/Xo+k0WrzJyG7Lf+nXmkf7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iashost.exe

Files

iashost.exe
.exe windows x64

54f5c531c1cf6311d38019e6231fe8d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

SetEvent
lstrlenA
WaitForSingleObject
CreateEventW
MultiByteToWideChar
GetLastError
CloseHandle
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
Sleep

msvcrt

_XcptFilter
_callnewh
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
strncpy_s
mbstowcs
memmove_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
__CxxFrameHandler3
_CxxThrowException
_amsg_exit
memset

ole32

CLSIDFromString
CoRegisterSurrogate
IIDFromString
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoReleaseMarshalData
CoMarshalInterface
CoCreateInstance
CoGetClassObject
CoRevokeClassObject

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54f5c531c1cf6311d38019e6231fe8d3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 828B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 148B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 828B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 148B