XSudo[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XSudo.exe
Size

3.8MB
MD5

15995b0b1fc5dd82f1c3ba1b7b40c5d4
SHA1

3b6a4a5b8b1107854e35b01cd28b4cce7a003413
SHA256

f244a04265405ae8295551a1324c6dc3162d611b4a152658096d675a31a57d35
SHA512

4ebe82a5d5d499eab10c9049647283976d95f102b24b2113bd59309ea107fb6cf8671640651e7d7cf13435e516c6d2dcbfe3a2fc8a8ed917398b3d86f6a77781
SSDEEP

49152:aApBOr1sU6uEgjhlOCDw8mEFAuYg2OWpTMqBx+fdTmG2Y4MT9ffD+CzKcbmoivTN:

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XSudo.exe

Files

XSudo.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ