ushell[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ushell.exe
Size

772KB
MD5

8db5203b22b0618ce5e7de107f522552
SHA1

3c76a11f1441d0848e34c03c78f9e1fe9929c850
SHA256

e69fb9cefe139379440509810fafe5f4a7b06a8c8a2cec84d78e137f9a3afa38
SHA512

05b8cf82bc0c6b641141a708f72fc6a4e5299983793a90eb694a621af006f8dc0f8ef26856a84f4d0092cc27b9f9374581030f0e739a018e3117268858525716
SSDEEP

12288:t+tGc6fIZqOrtcHdZtVm/JzHHvT7d3X/F7xwyH/j97iuR:TfgvrtcZu4Xu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ushell.exe

Files

ushell.exe
.exe windows:6 windows x64 arch:x64

9eb47e58a2ed69fdc45b7a79f0c44e2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ushe l(l)\distro\depot\deploy\_build\public\ushell.pdb

Imports

kernel32

GetStdHandle
GetCommandLineW
GetLastError
ExitProcess
WriteConsoleA
WriteConsoleW

user32

wvsprintfW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 734KB - Virtual size: 734KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ