conhost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

conhost.exe
Size

610KB
MD5

b90adcc386503d5864f6df6bfaa3409b
SHA1

23bc57deb41d02b582a5ae03d8e94a5732b0f959
SHA256

24b2c5278a4d80c22994b4d9727293aa6641ae9947f7ed522b7b5f44fa1f7a63
SHA512

b2a2264d2ec247b2cebe94469bd5fdda87fd257222643fa5321686a99df12657fe86f87e7333f75c0c654cdc1fd0817c79909f6bfa407692d2a577a4c6b9e4cb
SSDEEP

12288:jU3Y6p7DV/48roS2yvsmIAlIWH5ZqOp/2X2Q7WwrGpJfsTcOa:jJwhrrkmIq5ZhpK7WwGJ0TcOa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
conhost.exe

Files

conhost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ