CSharpRootkit[.]exe | Triage

Resubmissions

22/07/2024, 13:34

240722-qvd2zazcqa 5

22/07/2024, 13:30

240722-qr9z8szbqd 5

22/07/2024, 13:25

240722-qn1x6azgrk 3

Sharing

General

Target

CSharpRootkit.exe
Size

105KB
MD5

c35b0429cf07b8ea91987cc9cabd38e7
SHA1

c3e7a43d92c965b3f0bc12805a13bf04da61ad8a
SHA256

bac5f8b0a62629e6c69c46dcd3def9705d3bd000480fb38cbfc763e044aedb39
SHA512

413c819273a99e8dbd95338210facc4d1171dd6992e8949127ed0c6475414c88633254573ed6ff7d1b82f3d947a20d95c877fbf4b230b6bae847f284c42f44fa
SSDEEP

3072:pIYIc/ZW5DacwaE+qeSOfqZOobXYdIk4eRJPvMg8:jZWLwaE+qeSOyXWdD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CSharpRootkit.exe

Files

CSharpRootkit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Mes\Downloads\CsharpRootkit-main\CsharpRootkit-main\CSharpRootkit\obj\Debug\CSharpRootkit.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ