spool[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

spool.exe
Size

155KB
MD5

49a4426707b51f7de3c9072df4d267cd
SHA1

be8a1fcb435fc99944968d765b750f604dc8693b
SHA256

fc5d578281ce023f2f30d7d2398153b0e765246984af9af0502078e83859513e
SHA512

8dd1364456ef58c8931e7dd6cebf1d6e17440aa920adb7c0fda93adacd8beb906df57277a7067cce2913ecbc66fbf5db9ccf0193517062cee05f451c1866b6ea
SSDEEP

3072:xhcu+PiszMIQ/675S5P7FPkru853A2mhoB1WXGWmnow3g:xhcuOzlQbt7FsrX3ATo73

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spool.exe

Files

spool.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user\Desktop\SpoolSample-master\SpoolSample\obj\x64\Debug\SpoolSample.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ