sysmon[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sysmon.exe
Size

123KB
MD5

3493c2c39a0de9b47f1160bc926872be
SHA1

4dad6c1ac096fa91cd9cd482a3df1e89f8bd17b9
SHA256

fdba02cf0de85328c150b9d81bb521ee03fe5b7bdc43eac5631b1116e7d10634
SHA512

77c88bce59bea9351ae148cd382faa50f4d3c8e146f6fcbb74f05e36ffefb00dfea4f822b2c36ebbfcc949200a5f6a96e890a6f739d32493ab9aadac1974323c
SSDEEP

3072:i2aWmyW4sRzAWK+wYP1l+fo5a0MNoO053Z5DQ:mWmksXK+/SoO09Z5Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sysmon.exe

Files

sysmon.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ