Windows PowerShell[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Windows PowerShell.exe
Size

38KB
MD5

a15a1fc6ccb4f89000d4c3df9f74b91a
SHA1

62c30fa5fae376698187cdb5c0b28ee63c5c5e25
SHA256

bd4e874686339c2f2101e92acc09aaad968231a503ed096ca40893d3f49a5c49
SHA512

24f92623b3c3979d74c1fcdbe6edf35af57bc70f04d9f41207abe26d101e7bb6f5b899984d629e66efc15677ed6b0e05cd839fc631262d74e9fa38a1a4422cd3
SSDEEP

768:aKj4SMnVXgwKlf92fNI/fSGPdASF7uXuDgl6WydcP8CDFYz:aKj4SMnVW12S3SGeSF7uwgR84FYz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows PowerShell.exe

Files

Windows PowerShell.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\miles\Downloads\es skibidi\AV-KILLER-main\src\AvKiller\obj\Release\AvKiller.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ