ConPtyShell[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ConPtyShell.exe
Size

33KB
MD5

ce43d05a16369e03f1ee9e997bce44f6
SHA1

07b5b7061949c77b3f4b7627dcb4a657d5472555
SHA256

e8734f6ab6ba0ad51c2a517b8e03b57819a3cce7e6016374917b9fefe3fd3ec1
SHA512

699b82870f4552fa3e93fb3bd6481830f70b6d8a97da50ccbc1a058bb4213711c8af58922df38e5591ba31bd8a4de98297e70271aa98a31cbd3881999186e2f5
SSDEEP

384:CWMrc296pyUj4mC9k/Gs98e/YdfsO5wCZimFIIYXh6fa81pDh5LEq2TBPSmrzRl8:CWqX96WcCv9s5hFh6r5L6TB1zRlBE8C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ConPtyShell.exe

Files

ConPtyShell.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ