sihost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sihost.exe
Size

108KB
MD5

d952b2ce52d875526dcd7c9e4e1706fa
SHA1

043a6d26b2b6f9642047c5668f0fa9631ff32d25
SHA256

62ebf6076acaa11199a26d8fb8828fe0a0de7a5551dc1ecd684e771c2fccb7fa
SHA512

ff0bb9e372377d1bfb244eac257e3db81801fa2413604d9fca4f1ef6b86340d8dcaf5243d1d3c6e3c499fcd23d3eaf4ad7e90440ea0b01a1096330eb2c775db7
SSDEEP

3072:M7uZrlDqhff0l1zHApKt4QTuZAnrHMV//yQlq+imX:MyZZ8ffU1zHiKt4Q+q6yQl5n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sihost.exe

Files

sihost.exe
.exe windows:10 windows x64 arch:x64

9ffe8029f721bd904f419f82a63d59a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

sihost.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o___std_exception_destroy
_o___std_exception_copy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent
CreateMutexExW
LeaveCriticalSection
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockShared
WaitForSingleObject
ResetEvent
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
SetProcessShutdownParameters
CreateThread
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoGetMalloc
CoTaskMemFree
CoRevokeClassObject
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoRegisterClassObject

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

coremessaging

CoreUICreate

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
CopySid
GetSecurityDescriptorDacl
GetTokenInformation
MakeAbsoluteSD
GetLengthSid

api-ms-win-security-trustee-l1-1-0

BuildTrusteeWithSidW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ffe8029f721bd904f419f82a63d59a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-1

coremessaging

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-trustee-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 512B - Virtual size: 476B

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 476B