WmiExplorer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WmiExplorer.exe
Size

598KB
MD5

23a1920ad8aaba9e4e7786743737e063
SHA1

c1bf273929b6986f92f046f0e171915e59f51ba4
SHA256

64b5bbcf609f86383b7caf1ff8c4562d1362ba694a511f1c25bf50349979aa73
SHA512

82cc029dd657b4fd9a572a223a4de1ac1b7d3b436e309ae2e92b6b8fd012f723af8124dfb798ebf9c08ea3ea05b869edd292b2b53a3f4c52a59899b8fa273864
SSDEEP

6144:PAL/H/6eJDdnefbo5Oifb2GhNbIrMNA9zY4dlIrMNA9zXbO:PALJdefE2iNbAM+G8lAM+56

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WmiExplorer.exe

Files

WmiExplorer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ