7ffbfc130000[.]conhost2[.]dll[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7ffbfc130000.conhost2.dll.exe
Size

176KB
MD5

588a70b0564692e8f1baf00d592aedff
SHA1

d66b028ff4e323b3beadf8faba80b095ec1e4b5b
SHA256

6933141fbdcdcaa9e92d6586dd549ac1cb21583ba9a27aa23cf133ecfdf36ddf
SHA512

3307f70d3e92082f2a2a3da029d5e9736c52cb1115bfaa82ccbb7be300bf092778908a81a2ee6af7429dc6778be2b63b9cdbe419e9468515149652224beb23d4
SSDEEP

384:gT/WSnV4iPKeAsZxrpVrJy1KPAZRsZiMaxsrjFOmZ:grM0Zx1VVGb9orBOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ffbfc130000.conhost2.dll.exe

Files

7ffbfc130000.conhost2.dll.exe
.dll windows:4 windows x64 arch:x64

1d6bd0a4f955b5558c6bd42c7619b081

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken

kernel32

CloseHandle
CreateMutexA
CreatePipe
CreateProcessA
GetComputerNameA
GetCurrentProcess
GetExitCodeProcess
GetFileSize
GetModuleFileNameA
GetVersionExA
ReadFile
ReleaseMutex
SetHandleInformation
Sleep
TerminateProcess
VerSetConditionMask
VerifyVersionInfoA
WaitForSingleObject
WriteFile

msvcrt

_beginthread
exit
fclose
fopen
fread
free
fseek
ftell
fwrite
getenv
malloc
memcpy
memset
rand
sprintf
srand
strcpy
strlen
wcstombs
_time64

netapi32

NetApiBufferFree
NetGetJoinInformation

ws2_32

WSACleanup
WSAStartup
__WSAFDIsSet
closesocket
connect
freeaddrinfo
getaddrinfo
htons
inet_addr
inet_ntop
ntohs
recv
select
send
setsockopt
socket

Exports

Exports

FreeInstalledPackageInfo
GetInstalledPackageInfo
Test
rundll
start

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d6bd0a4f955b5558c6bd42c7619b081

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

netapi32

ws2_32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: 132KB - Virtual size: 132KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: 132KB - Virtual size: 132KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB