fontdrvhost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fontdrvhost.exe
Size

904KB
MD5

357aee2421db423538a75f312bdbb806
SHA1

37978b564158ba5a06bb0b7f5a08139264c818a5
SHA256

317264cee8dac0e9055317702e874fbe0fb306ae1b24b3a8e32de192f985c6a3
SHA512

f4eddd6b9810ae10894b76a81e1bf1b4d1aee284fa75db31fe54e3908c85f3873c85c6050c0cbb748e65c14bd164e34e2f2f3b34bc522401d7344a157a797c3a
SSDEEP

12288:lpzY0jfFne5t4vVc5mbljYDuRm/e5t4vVc5mbljYDuRmg5t4vVc5mbljYDuRmt:1nbAmmCsbAmmCKAmmCM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fontdrvhost.exe

Files

fontdrvhost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\TD-Files\TD\FiveM\Premium 3 C# Loader New - hider, new - free\obj\Release\fontdrvhost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 832KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ