mshta[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mshta.exe
Size

33KB
MD5

813296729218c6ab043dbf1f6b5b45d3
SHA1

ef024879ac5bcb5c499b4227e792e99a629fa1d1
SHA256

39522236b3bbda82e3468abfef0acb5164a39dd588498295fdadf213d90dbd7f
SHA512

20201a3cf8f2a4448fd7d1255168b5c7cf4f54219d9f4bece271d4131d5859696d127d05f4180110d3345c189feffc02427f4c7094e369922d3b3525248980da
SSDEEP

384:D7my50noNQLIuweH1dfQQ+5RApd8jjiXJDbHFEyO/Ye93jsUHIPIJIY4cFJDWwW1:DCy50n3weVdfeniXB7FEyE99yA+Zc8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mshta.exe

Files

mshta.exe
.exe windows:10 windows x86 arch:x86

e2fe100c0c102912c05240e15bf5f365

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mshta.pdb

Imports

msvcrt

memcpy_s
memmove_s
_purecall
free
malloc
_callnewh
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
_ismbblead
__setusermatherr
_initterm
_acmdln
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_vsnwprintf
_controlfp
_except_handler4_common
memcmp
memset

kernel32

QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
Sleep
CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
GetCurrentProcessId
MultiByteToWideChar
SetProcessDEPPolicy
LoadLibraryA
ExpandEnvironmentStringsA
GetStartupInfoW
CreateThreadpoolTimer
FreeLibrary
LoadLibraryW
GetVersion
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
GetLastError
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

iertutil

ord650

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2fe100c0c102912c05240e15bf5f365

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

iertutil

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB