deploymentcsphelper[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

deploymentcsphelper.exe
Size

35KB
MD5

b924f1a7de5ed8331b3375a778b3fe38
SHA1

e62ce42735c05d2bb792af2648daefc04dea144c
SHA256

90e6dbdb4eb72ed9bcb4dcdc53f9a3ce3108297f84ce346b9af04790a641ccce
SHA512

0002ac854e72866f10b4779c3f12cca97554654463341e05632198c31f98833e176d12d11e665ac2684e32baec8b08ead04fd05345d60d73839bdaf0ed311810
SSDEEP

768:P3a3ZvbIV9503ncUOf6VxDpl038yk5Akzaqd:P3aJDIL5GcUTt+omUH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deploymentcsphelper.exe

Files

deploymentcsphelper.exe
.exe windows x64

677ab69463cc55e2e7cfc2a39bb04b46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
_unlock
__CxxFrameHandler3
__dllonexit
__setusermatherr
_cexit
_exit
exit
__C_specific_handler
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_onexit
??0exception@@QEAA@AEBQEBD@Z
?terminate@@YAXXZ
_wcmdln
_callnewh
_fmode
??1type_info@@UEAA@XZ
_commode
__set_app_type
_lock
malloc
_wcsnicmp
wcsstr
_purecall
??3@YAXPEAX@Z
wcschr
_vsnprintf

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcessHeap
GetLastError
HeapFree
GetCurrentProcess
TerminateProcess
CompareStringW
UnhandledExceptionFilter

wdscore

ConstructPartialMsgVW
CurrentIP
WdsInitialize
WdsSetupLogMessageW
WdsTerminate

shell32

CommandLineToArgvW

dismapi

DismOpenSession
DismEnableFeature
DismDisableFeature
DismGetCapabilities
DismAddCapability
DismGetFeatures
DismInitialize
DismRemoveCapability
DismShutdown
DismCloseSession

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

api-ms-win-core-errorhandling-l1-1-0

SetLastError

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-heap-l1-1-0

HeapAlloc

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetFileAttributesW
CreateDirectoryW

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

677ab69463cc55e2e7cfc2a39bb04b46

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

wdscore

shell32

dismapi

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-file-l1-1-0

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 996B

.reloc Size: 512B - Virtual size: 424B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 996B

.reloc
Size: 512B - Virtual size: 424B