Windows Security[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Windows Security.exe
Size

3.6MB
MD5

9b2aac6e084b155d01251ac9317dead2
SHA1

948653a5add15aaa42a0421a60ea088df0460717
SHA256

c98d5b78e2f5c6f5694d5fa16c5e9e915340642dba2ca1a7f8241ecae803d9ad
SHA512

7a5766ea1c53a3edf2293b3589a6d8d8c2fb7621338ff0873594b2a9df116053a1b6bedec43e560ed88e1d9a59ebc4d667192c1f9ffd2a4753f94a6ffc646246
SSDEEP

24576:MOiKrSCWf1gLSNnfkeZYQyA6Zh1MipEMEocSwlIWgrbUM8sMThLsb33:gKr+zNn7t6NMipjpqI14vsWU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows Security.exe

Files

Windows Security.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ