vmwarehost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vmwarehost.exe
Size

4.8MB
MD5

e9ff5899c1bf9d86370bfbc489dd6375
SHA1

a936400798d7907b4b958787f0ac021372ed8472
SHA256

6c69900bd50ee9223b570d6d1824d2c4319e036f38e1aee35545472bd18c75bf
SHA512

afc68aba798d0fba68b141290f415a7418b182dc233138d720b76362f75cd85696130f43c7ab4b0feac5faf7229930477c47eb606d2c4fbf101a6239fc72fefb
SSDEEP

98304:tLt17DZaiusWcmbH/PuN/WOHwAOYsuV86EQWpg52OW:tx17DIyW5juN/tHhfR8KOg52j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vmwarehost.exe

Files

vmwarehost.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ