svchost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

svchost.exe
Size

325KB
MD5

5e24e97bbc8354e13ee3ab70da2f3af6
SHA1

b52c0f3b18600e472d848d028af60c1c4860bf64
SHA256

69d3cf6c83d6b21abbe13ea46f6fa0462c564712ddad17b9151ac36db85486fe
SHA512

137ee2c034d5c6cb8b504412a73fb143fc4ce9bedd069b3d50f974fe7cc84c01e24f056793961d66c187d7369cbd8e422a5500a0a3d908fc0ba7e4f2c2ffdce4
SSDEEP

3072:tL462ysJidbUp3/DTus9GawgA6rFMdIc0JMUPkYW5I2LKjcRt805cLFrmKJ7W0PS:t0jp3/jVwgHpiIhJXi5kjtxrNqhhyUT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
svchost.exe

Files

svchost.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ