Windows Explorer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Windows Explorer.exe
Size

108KB
MD5

3ac2205ac14e0c5428d7897c7c399c7a
SHA1

766f5dd8885511e1c3996c5cdc32a68a59b7243a
SHA256

929ab49072fff2447ff6f7326e6fe66cae78115d71ce154732e971f1bbf4d7fb
SHA512

597b0f40b3091fb0092d6f45c2f951901974258c2544554717785075c01ff541cb7741ef365747ce6d8d32f55e15e6c561860cf0a20264d785a97907d010bc0d
SSDEEP

1536:8R8ow8VV+aC+1Lfe0XQHwUSw0I2OObA3bxOK:oVV3/fe0XNDwyOV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows Explorer.exe

Files

Windows Explorer.exe
.exe windows:4 windows x86

f9bfccc82b6cfe6f82f41a3e115e0db2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord556
ord666
ord592
ord595
ord598
ord526
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord608
ord716
ord717
ProcCallEngine
ord535
ord685
ord100

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ