conhost[.]exe | Triage

Sharing

General

Target

conhost.exe
Size

4.3MB
MD5

375bc16dbf72eca7e55c920496d3fb06
SHA1

e42e10f24d376f8bdb85e0dde307e610a8a24ae1
SHA256

c82bd8ce6eee9f41f7f7582ff3b085d1001af6b951faf1069077eb09770a7873
SHA512

bd7cb3bdd6b45be00e11531917fbd6a30b1c69c7387a144498f9589956e8bd0e07857cbb08a923339c9ae11c028d7ea4802d967cfbb791ce1341f79d68f1ea07
SSDEEP

98304:UBo0E0GrdJPr0FNAHk453XOP+ZPJ6XA3Z3fXU4vsRCm0i:Ua0ExTENLWcoZszy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
conhost.exe

Files

conhost.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ