fontdrvhost2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fontdrvhost2.exe
Size

903KB
MD5

4c423f500682616db6896b5a07dbdcab
SHA1

0952dc3c0fc1c2258b382fd03a60dc9aaa84c568
SHA256

0ebed62700bd5867c145ae6cfac8b6b2e0a6b7cbd954f3de1d4de97d7e8ddb29
SHA512

0973b9e84f7d8c1e4ab3c84176603566e9f5e487bb500e6b58f7cd9a408ce208cae22a2f3874b0a8d37e6f07607e8946ddacc63c2d03b740372fa32f026462dc
SSDEEP

12288:AUED3Gt6ne5t4vVc5mbljYDuRm/e5t4vVc5mbljYDuRmg5t4vVc5mbljYDuRmSFM:cnbAmmCsbAmmCKAmmC7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fontdrvhost2.exe

Files

fontdrvhost2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ