MpNsEng[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MpNsEng.exe
Size

9.9MB
MD5

66a46229c8c6b8ceb51ced2b9781e74b
SHA1

1bfae4c2ffa45fb73b809cff797bd71545672ee7
SHA256

d4e70538af20683c4970b5f913e57f43e4f94aa3e48048e1d37ae44dd915314d
SHA512

9ed97959669474e680b3046cb811b7ba41bc6db3b2f2c8b22cb580fb9ac3a8c37e998d6673d92ff5ca01f1a760347cd8d60706bcb6d21070512e956b3b60c942
SSDEEP

98304:k8AtssiR6B7d/8QWpK8JDuw+zjCOerlPX/OuyqInXxXKA34c0tnHqgZ+0ZB1OvGp:stssYdrp2C6Rtr34cgKgYzuolrlHhZA

Score

1^/10

Malware Config

Signatures

Files

MpNsEng.exe
.exe windows:4 windows x64

0fdd3d21d2193b717f076a70dfaa659c

Code Sign

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2020, 19:16

Not After

23/09/2021, 19:16

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:2d:0f:bd:d9:0c:27:10:a7:a8:b3:d2:6f:aa:f1:58:93:21:67:17:d5:a5:12:39:d5:b6:27:c7:d9:bb:74:b5
Signer

Actual PE Digest

4d:2d:0f:bd:d9:0c:27:10:a7:a8:b3:d2:6f:aa:f1:58:93:21:67:17:d5:a5:12:39:d5:b6:27:c7:d9:bb:74:b5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
fputs
free
malloc
memset
signal
strlen
strncmp
vfprintf
wcscat
wcscpy
wcslen
wcsncmp
wcsstr
_wcsnicmp
_wcsicmp

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fdd3d21d2193b717f076a70dfaa659c

Code Sign

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4d:2d:0f:bd:d9:0c:27:10:a7:a8:b3:d2:6f:aa:f1:58:93:21:67:17:d5:a5:12:39:d5:b6:27:c7:d9:bb:74:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 31KB - Virtual size: 30KB

.data Size: 9.6MB - Virtual size: 9.6MB

.rdata Size: 14KB - Virtual size: 14KB

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 13KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 187KB - Virtual size: 187KB

.reloc Size: 512B - Virtual size: 120B

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4d:2d:0f:bd:d9:0c:27:10:a7:a8:b3:d2:6f:aa:f1:58:93:21:67:17:d5:a5:12:39:d5:b6:27:c7:d9:bb:74:b5
Signer

.text
Size: 31KB - Virtual size: 30KB

.data
Size: 9.6MB - Virtual size: 9.6MB

.rdata
Size: 14KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 13KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 187KB - Virtual size: 187KB

.reloc
Size: 512B - Virtual size: 120B