Conduit[.]exe | Triage

Sharing

General

Target

Conduit.exe
Size

499KB
MD5

2e143e77a943ef80487e88400c78978d
SHA1

9263152337f364c6a35ca528f0d044243d0c3082
SHA256

d96b3132757ad5f0b35834c6166b90bbe76891bff5b4b33443cd174f113988fd
SHA512

308779e2d17bd867716bdb6cb87e12890da282aefe74fea8eaa9a14d255634d86242466b14fab0262e4d3a071057b1eac364a744254c7e5996cf7fef0089b6ee
SSDEEP

12288:ApMuyO38KOZmQ8UbAcfR3MM+PRQvcZfR4:MMuyO3vOZmQ8UccZ3bIRB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Conduit.exe

Files

Conduit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\thijs\Documents\Projects\League\Mimic\conduit\obj\Release\Conduit.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ