krnlss[.]exe | Triage

Sharing

General

Target

krnlss.exe
Size

15KB
MD5

64a53001d955ede7c9fd9180d095c2da
SHA1

d1c7147f69cfb3b9e9bb79d55f9d573c5340d706
SHA256

7349675c663037bc46921b9fa77556c54fe280c964f59756ed6156577ef9cbb0
SHA512

019a8404d2c3373a99c86bfefd4f74d6e3c2997f3f0546738a447aefc23b6759a0e714a2b0b9d0d2965176c6dd6a838b96d8ef308f902e7c7d09335bc553c8a0
SSDEEP

384:hj7og7ASMkaQoFgHycpsRvo28lybC17yuBVRfffUk:h6Ks+lyYpZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
krnlss.exe

Files

krnlss.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user\source\repos\test\test\obj\Debug\test.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ