ShadowRoot[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ShadowRoot.exe
Size

6.1MB
MD5

4c6433e65ff8dcfbd3c4d87923481e05
SHA1

1c6f26ef05b8fb5f6ecc4384fbb05f504fa26050
SHA256

2bd07cec74209e568284bbd8bb2c269747fc98632172ce18521d2eee3c36d8af
SHA512

5916ae59d0baa6aee460173811e2819957f78bfad51bb9a4995f7ca4c6aebdb0092773b924e6c9ea3e44339a3f3f9a264130cf63cda095cd19179677fd5245db
SSDEEP

49152:9eKmgmuy23wKQyNQRnB9Yz9mlbRSjdKq3k2EsSaxL1QWNTMMpoDXze:4Km6HEz2dLYsSPze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ShadowRoot.exe

Files

ShadowRoot.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ