sfc[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sfc.exe
Size

35KB
MD5

755a36263b919a5fec30f7f697b0aa4a
SHA1

aeedaf44353bf628b9c503611786aff59ea0732f
SHA256

6fb46313a33add50ff813d6eda76487beeec6000439c3f25a1f679e7dcfe47c4
SHA512

a5cd04c177614491b8da8d4888b95c368836ed74f68fb7fe7740149f3a9b930853d638b22d7c80cfdb5f5cc2a11baa68167e4e579d1bcb86ed2145116046313a
SSDEEP

768:n8pfRks4ZxJXxTnrJikirB7ILn5FvYzmMPljmmpgFUG:S09RnrJikirZdlmmpgB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sfc.exe

Files

sfc.exe
.exe windows:10 windows x86

eb611a7aeeefce048b2177d6e07dbfec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey

kernel32

HeapFree
GetModuleFileNameW
GetUserDefaultUILanguage
GetProductInfo
WaitForSingleObject
CreateFileW
GetVersionExW
UnmapViewOfFile
QueueUserWorkItem
CreateEventW
GetLastError
SetEvent
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetSystemInfo
LoadLibraryW
HeapAlloc
GetLocalTime
GetProcAddress
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
LocaleNameToLCID
CreateFileMappingW
MapViewOfFile
GetFileSizeEx
SetErrorMode
GetErrorMode
DebugBreak
lstrcmpiW
GetWindowsDirectoryW
LoadLibraryExW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
OutputDebugStringA
CompareFileTime
LocalFree
HeapSetInformation
CloseHandle
FormatMessageW
GetFileTime

msvcrt

_vsnprintf
_ftol2
memcpy
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_callnewh
malloc
wcsrchr
strstr
atoi
__iob_func
wcsstr
wcschr
wcstok
_strnicmp
wcstoul
strtoul
swscanf
_vsnwprintf
strtok
_wtof
_getmbcp
_wcsnicmp
_fileno
_setmode
_wcsicmp
wprintf
__p__fmode
memset

ntdll

RtlExpandEnvironmentStrings_U
RtlInitAnsiString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString

oleaut32

SysFreeString
SysAllocString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

powrprof

PowerDeterminePlatformRole

api-ms-win-core-com-l1-1-1

CoCreateInstance
CoInitializeEx
CoGetMalloc
CoUninitialize

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb611a7aeeefce048b2177d6e07dbfec

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

oleaut32

version

powrprof

api-ms-win-core-com-l1-1-1

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB