afhvser[.]exe | Triage

Sharing

General

Target

afhvser.exe
Size

353KB
MD5

d51e11f21698000dc7834221d02d93a1
SHA1

d2a4196c36840b5eaabb9f585d504ebd8278840a
SHA256

819895f1a99faf768a9bd2e8c789d90725c2c9c3da9f446c1522907193ffe2c3
SHA512

c895c0c72f3b7bbb6bf88a366049aa833b775abf5fef6018f120975a4fb98e9866891a3f92cfd09267edbdd1fedc3e1e6b084239b15c4b6bf189ff2e81d61846
SSDEEP

6144:wAbK2Zy++MX+DvKbLPEEVna5zHQICkMUTOYoREG8gn3Hd9oZ2dHnI:5yBMuDv0atjzG8gn3Hd9oZ2NI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afhvser.exe

Files

afhvser.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

yV66|?s
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ