peterhook[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

peterhook.exe
Size

1.4MB
MD5

7fbdd062210e7ff71de6f040ff7dce1a
SHA1

e5dc33d371229edfb853ad5ddf9449163e7c604c
SHA256

841bc717fbec295febe3e58ebf74fec676a1c70ed427f88e3ca102a9c7301a7e
SHA512

cdbe421c6ee55da6cde7c47000f70f1d6bd331b11dd231907cc39fda9cef6e804c31d3b122a506f80628d0bedaa0dc8d4e07c696046deda579725488baadfa86
SSDEEP

24576:seIu5a6M24sACAgfnQ2yieN60PMYwsiLHX4SgHGCSPZso8stRfpB6e:06zjA+XyiM6GMYtiLghSBsHstRB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
peterhook.exe

Files

peterhook.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Zealan\source\repos\PeterHook\obj\Release\PeterHook.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ