Shell Infrastructure Host[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Shell Infrastructure Host.exe
Size

1.1MB
MD5

d28aa99bd454f5ee76e6c0d325602ff2
SHA1

8f201d954af6458164541b08279cf95c48ded4f3
SHA256

71f5fc3ef2ebadb3fb3e1aec80ac45be2af9ecbff82445d3ce501d679ee67b46
SHA512

cd03ba08a2cd88f1ddc6715b5b2b7119b638a47e09f53e01a7f3446c3cfb2ea290998a07ca60b7425ab88d0ca1249f5eba6768954e57054b85f55b0f3961556c
SSDEEP

24576:CJnK5cnuFa2s1kX/kbtIqgFHU0HEPJbO8dBUGKsmuzQ28HW:CMFXs1kX/tqUEPJbOEVd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Shell Infrastructure Host.exe

Files

Shell Infrastructure Host.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 25KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 916KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE