powershell[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

powershell.exe
Size

95KB
MD5

ba50a2bd85cff763a6a0bed1d4a04c83
SHA1

8dd54136c138d2e1d006841e4e96dfba739c49ef
SHA256

24c7ca1d0ce4c0d83bd3b1bfeece00509502d866d9e2024acd12199337404901
SHA512

97d4b842e5d0ee57a647e02ae4cc5297d591cb17aa6a201a45e36b297ee719a08f48c90f6f2e3ccb091f12b63d6dd32db822201f4f8826d64f090802084ae430
SSDEEP

768:IkZa7YvL5ZP7vBwH1+Qo0qxh85joz1KPsTTMNw3UQB0EC47uI3f+:NlL5ZD5a1+QwSRwUQBl7uI3W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
powershell.exe

Files

powershell.exe
.exe windows:4 windows x86 arch:x86

5ce96ab0e6c09edc89ba9348cf037069

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetTickCount
HeapAlloc
HeapReAlloc
IsBadStringPtrW

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__p___argc
__p___wargv
__stdio_common_vsprintf
_configure_wide_argv
_get_initial_wide_environment
_initialize_wide_environment
_set_app_type
_strdup
exit
free
fwrite
getenv
memcmp
memmove
strchr
strcmp
strcpy
strcspn
strlen

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 160B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 4KB - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ce96ab0e6c09edc89ba9348cf037069

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ucrtbase

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 56B

.rdata Size: 4KB - Virtual size: 332B

/4 Size: 4KB - Virtual size: 944B

.bss Size: - Virtual size: 160B

.idata Size: 4KB - Virtual size: 876B

.reloc Size: 4KB - Virtual size: 288B

/14 Size: 4KB - Virtual size: 96B

/29 Size: 24KB - Virtual size: 22KB

/41 Size: 4KB - Virtual size: 2KB

/55 Size: 8KB - Virtual size: 4KB

/67 Size: 4KB - Virtual size: 434B

/78 Size: 8KB - Virtual size: 6KB

/89 Size: 4KB - Virtual size: 840B

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 56B

.rdata
Size: 4KB - Virtual size: 332B

/4
Size: 4KB - Virtual size: 944B

.bss
Size: - Virtual size: 160B

.idata
Size: 4KB - Virtual size: 876B

.reloc
Size: 4KB - Virtual size: 288B

/14
Size: 4KB - Virtual size: 96B

/29
Size: 24KB - Virtual size: 22KB

/41
Size: 4KB - Virtual size: 2KB

/55
Size: 8KB - Virtual size: 4KB

/67
Size: 4KB - Virtual size: 434B

/78
Size: 8KB - Virtual size: 6KB

/89
Size: 4KB - Virtual size: 840B