Svchost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Svchost.exe
Size

40KB
MD5

6407f1fdc349fa188ded51d0f6ad6a2e
SHA1

3ddb135aabedeaa3232b8e86b9a2ee6ff1c440ac
SHA256

adb30e2cb7f19c9615629e3231f459ba95ee7ebb4c28a5e2a8a98f1958bf98da
SHA512

41c506807ec967aa809821141462e760f4dbb9578ffde2a7b12071375e4c145b5756f6211c72cfeda01af06a7ac6b7fc9962799484afb2dd011257f187fbc634
SSDEEP

768:giRqNk1qAtjVRhxjprbW0429TmKf7r8oCr4M+N+9BzdB2:jqAtjVLrbu29TBr8oCr4MPB72

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Svchost.exe

Files

Svchost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Couia\source\repos\CouitaRecovery\obj\Release\Svchost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ