Ycswddp[.]exe | Triage

Sharing

General

Target

Ycswddp.exe
Size

596KB
MD5

6beb7b485fcf483ad365e2eb794ab3d5
SHA1

b0235b5da86bbf6bb75164bb65cc1e4a5720ae49
SHA256

95c601597e0c5cc6ed9b77c20993bb1509dd263184c037dede3be4c32f57f3cd
SHA512

413ffcbdc25c9518334ccf6b09c6513192b3746045166e639ba3f42d74213115592ac5c6adcbec91f26d2d3f757aeb807719666849c3e5ecf81bc0155de933c6
SSDEEP

12288:H3oUqg29l6BHYfS3WkPayWwXr2x9tjXoD84xeuPAV3Fr0oYiNv:YGJ3WU+7tztV3Fr0Fu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Ycswddp.exe

Files

Ycswddp.exe
.exe windows:4 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ