Runtime_Broker-protected[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Runtime_Broker-protected.exe
Size

183KB
MD5

f546696260ba2a5008d17d8ccea0feba
SHA1

300352fcb5952658e473951e58c4bc953c475e49
SHA256

49e9df25651cca557557e401be5877844f4e1b8a443bfcbd6ad546ec09abc388
SHA512

5995db30e4638b050f11a3a3995b3739961a02b3c752505e52027268516af6e38e39ae5534e3fefe974039dc83222fe3e56231b29b68c314501a0cc8c089a3a9
SSDEEP

3072:dD990u/gW9D2p8pyNj9Jb0Oa5WRJmr4HBN4/p/9QZobIVUEkd6bBbSfxlOQnfBO6:l990Kn9D2p8pcj9Jbva5GI2BN4LEkd6z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Runtime_Broker-protected.exe

Files

Runtime_Broker-protected.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

HYHnZP
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HYHnZP
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

e114b370
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ