89c752b73cfb74a47a719f072cec594c | Triage

Sharing

General

Target

89c752b73cfb74a47a719f072cec594c
Size

182KB
MD5

89c752b73cfb74a47a719f072cec594c
SHA1

b5684fc4b10f7945219e836259bf0709ef4bf699
SHA256

673ec4156edb9dc5d1a089e9a6a0bbbd9138671adf9ab58d20a712d1cd831de6
SHA512

dee22938fe9377da90a5e28e48cfdbed0de4a3e61ae8f8edeb3f7f5d91700726fec36c455d575e41a77c6bf265cd7d1bebd24fcfb861f845e0e612e807005781
SSDEEP

3072:L8DiE0mmyOHE3IPec/WlvMWGiP/l3Gp63o+kh7w7c9O058eA:4DiJ/skWGiP/lWp64+C07c9O0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89c752b73cfb74a47a719f072cec594c

Files

89c752b73cfb74a47a719f072cec594c
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ProcessHollowing.ni.pdb
C:\Users\jmagri\Desktop\ProcessHollowing\ProcessHollowing\obj\Release\netcoreapp3.1\win-x86\ProcessHollowing.pdb

Sections

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ