windefragsvc[.]exe | Triage

Sharing

General

Target

windefragsvc.exe
Size

8.7MB
MD5

32b22925a8b07544e2d4fc57dd79ba0f
SHA1

338fbb0d2e7b06c87c94dc7888fdb6e9d712e800
SHA256

77e6d7aee5bef0a0ea6ab7ada94420b3ddef461bc51b0fface3a75e2eb1965e7
SHA512

708a0de7a1e4d420aa9ceb85529f0fea5cacf9774732860cc037d8b359f505cddd5f59a2fa0f242fcfa0c245a299555404c26d14df91c751a661811dad5450ba
SSDEEP

98304:NF3hbrGUjo4lV0UQy82tRdC9fy56u3z2IjJYE:NvbaUjo4nlFzdC9Q6H6J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
windefragsvc.exe

Files

windefragsvc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Spanker\Desktop\marketplace\obj\Debug\marketplace.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ