CSFalconService[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CSFalconService.exe
Size

172KB
MD5

111197493a9f91299b51d2d225c7c9ad
SHA1

b7274bf9706a2a8a463c885f6cec46a58a564a2d
SHA256

ab81d1e321cf5ead4a6f835384d2f0fe146268e16639ad199a91a7871ca31912
SHA512

d9282367b6b2b89e9e52818c6a3aba7d26c6dbd586e91f53c02b866b6dc97b2e2ca741de7f7a21eedf5cfcfa5ffd3ffff28eb5af54a66d4ef377f9b3318a6b58
SSDEEP

3072:Tvb/MgLBFcq1Mx0bySqDCaij8mjnZ+q9ngo3amCN24B:bbkgLBpd+4aiAZqgB0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CSFalconService.exe

Files

CSFalconService.exe
.exe windows:6 windows x64 arch:x64

19f858db9754f33a979584194ed33c3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Users\1013639\Documents\Proyectos\Scripts\Rust\dummy_exe\target\debug\deps\dummy_exe.pdb

Imports

kernel32

ReleaseMutex
ReleaseSRWLockShared
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
AcquireSRWLockExclusive
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TryAcquireSRWLockExclusive
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
LoadLibraryA
CreateMutexA
GetModuleHandleA
GetConsoleMode
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObjectEx
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

vcruntime140

__C_specific_handler
_CxxThrowException
memcmp
memmove
memset
memcpy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_initterm
_get_initial_narrow_environment
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_seh_filter_exe
_set_app_type

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 97B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19f858db9754f33a979584194ed33c3a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 512B - Virtual size: 824B

.pdata Size: 6KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 97B

.gfids Size: 512B - Virtual size: 32B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 824B

.pdata
Size: 6KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 97B

.gfids
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB