MSBuild[.]exe | Triage

General

Target

MSBuild.exe
Size

21KB
MD5

00df03fc0dc9371c5d4eefc807ad8ad4
SHA1

309021bc66a82777badd2d6a8153631480ea5d3c
SHA256

45405bd59bfaf0e1246428371dedabb993f885012acf8e7a6499691a8ccca038
SHA512

bcfd6c5f94b2b040938ebc20c33e58ca405530ea1b44e15ec97a5808bbe55653769f6638aa6bf24a8985626273722c993fd17f198dac469cea6f99fdea254fe3
SSDEEP

384:L2QO6lhFWyXsKYRYgXm8O7oKzEMXVpQxLlxmoDH5rVeNVb:Cez4vnveRgsQxZdGb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MSBuild.exe

Files

MSBuild.exe
.exe windows:6 windows x86 arch:x86

53ab403e10c1fe6f6f83542118e9ec63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleExW
FreeLibrary
ExitProcess
Sleep
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx

user32

MessageBoxA

msvcrt

memset
abort
__setusermatherr
_initterm
_initterm_e
_set_fmode
__p__commode
__argc
__argv
_environ
_amsg_exit
_except_handler4_common
__getmainargs
_controlfp_s
__DestructExceptionObject
__CxxFrameHandler3
__set_app_type
_msize
??3@YAXPAX@Z
?terminate@@YAXXZ
_XcptFilter
realloc
free
_errno

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53ab403e10c1fe6f6f83542118e9ec63

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 892B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 892B