SpellViewer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SpellViewer.exe
Size

963KB
MD5

c5b862328ef4ae168ce4ef56358ac8a9
SHA1

34535b6117b9133f923a3db13f436af3f3697c23
SHA256

6f7ea38430bdff8c93c9beb4bc370856c399c365fd4934af84b226fd667fc309
SHA512

7f10ba49303b5d6e0f3d94e08c655497eb98fea1405e295b6d4cf90471484c7a77392fb7d1c76fc808d52794eb4deb32dbc37371c4f3a2dff9e70de73a0aff4d
SSDEEP

24576:H25MoBLp4uSIX+D1j+zNTU2GiyDnkfsVqJgz:d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SpellViewer.exe

Files

SpellViewer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\D&D\DnD5eTools\SpellViewer\obj\Release\SpellViewer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 961KB - Virtual size: 960KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ