Static task: static1
Behavioral task: behavioral1
Sample: msd.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: msd.exe
Resource: win10v2004-20231023-en
General
Target: msd.exe
Size: 8KB
MD5: cf85ceea940ae5f2cc0ee0a9fc23d5c8
SHA1: 79dfb63ee8ab5214072c2872623b54c592e7cf5c
SHA256: ce85f5bcd52c79582a66bc7ef3f11f4ac74e9cc9962551b5912ac6bfa78ea841
SHA512: 4e46c832ab3df1975c51c4c4f4fb69204c990fb419a1e4c2273f86faf7e3fb4af2f16b49c0b9d866b4024583779faa365b84041493d9fc32b94f7142a9a8efd4
SSDEEP: 96:CGkcaU6SbbNsEMqQPLTRf7OuuhQnWXdVU/L98r:CGkRFSbZsEMjfRfyuuhvtVU/L98r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource msd.exe
Files
msd.exe.exe windows:6 windows x64
bf8add21e5f2e3e810bb8cd070726a14
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
  CreateToolhelp32Snapshot
  Process32NextW
  lstrcatW
  Process32FirstW
  CloseHandle
  OpenProcess
  GetCurrentDirectoryW
  GetProcessHeap
  CreateFileMappingW
  MapViewOfFile
  lstrcmpiW
  TerminateProcess
  UnmapViewOfFile
  CreateFileW
  HeapAlloc
  GetCurrentProcess
  SetUnhandledExceptionFilter
  UnhandledExceptionFilter
  RtlCaptureContext
  RtlLookupFunctionEntry
  RtlVirtualUnwind
  IsProcessorFeaturePresent
advapi32
  AdjustTokenPrivileges
  OpenProcessToken
  LookupPrivilegeValueW
dbghelp
  MiniDumpWriteDump
Sections
.text Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 156B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 24B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ