Code.exe
- File Path: C:\Program Files\Microsoft VS Code\Code.exe
- Description: Visual Studio Code
Hashes
Type | Hash |
---|---|
MD5 | 06CB177252223ECCC871EA53A4519F34 |
SHA1 | 1411AE4CE51ED240E37EBA47E12CFD8DD883B2DE |
SHA256 | A81454B4A0089031E8FF5376A5CCB13BD7FA35BF53A799AF0A4DD89C0727A56D |
SHA384 | AE1FF5331DBAD70C04F0A9B5A9B5C7D99AAFCCF7123D3F78FD3222476A16635E90E75BBF13223497A192D2908A342217 |
SHA512 | 6EB409DD3FB28D85373D8A5CB1A0376FDF058BCB6C9146861B0E25A8AB80CC0D55D7F413D95F2C8A35A30CB5EC803B1FE282C7CF4A2FF63DF89CFA877C7BE3A1 |
SSDEEP | 786432:bTK8PZpMkGA0DILjQ/B7aJqk6KpJdBux9i0nks9R3Nr1vSVOAMswjU:nK8P0kGA0DILjwB2dpJdB+c0FD3rTjjU |
Runtime Data
Usage (stdout):
Warning: 'e' is not in the list of known options, but still passed to Electron/Chromium.
Warning: 'l' is not in the list of known options, but still passed to Electron/Chromium.
Warning: 'p' is not in the list of known options, but still passed to Electron/Chromium.
[main 2020-08-15T19:40:08.019Z] update#setState idle
Child Processes:
Code.exe Code.exe Code.exe
Signature
- Status: Signature verified.
- Serial: 3300000187721772155940C709000000000187
- Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
- Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: electron.exe
- Product Name: Visual Studio Code
- Company Name: Microsoft Corporation
- File Version: 1.48.0
- Product Version: 1.48.0
- Language: English (United States)
- Legal Copyright: Copyright (C) 2019 Microsoft. All rights reserved
File Similarity (ssdeep match)
File | Score |
---|---|
C:\program files\Microsoft VS Code\Code.exe | 97 |
Possible Misuse
The following table contains possible examples of Code.exe being misused. While Code.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | proc_access_win_in_memory_assembly_execution.yml | - '\Microsoft VS Code\Code.exe' | DRL 1.0 |
sigma | proc_access_win_in_memory_assembly_execution.yml | - 'C:\Users\\*\AppData\Local\Programs\Microsoft VS Code\Code.exe' | DRL 1.0 |
sigma | proc_access_win_in_memory_assembly_execution.yml | - TargetImage\|endswith: '\Microsoft VS Code\Code.exe' | DRL 1.0 |
sigma | proc_access_win_susp_proc_access_lsass.yml | - 'C:\Users\\*\AppData\Local\Programs\Microsoft VS Code\Code.exe' | DRL 1.0 |
sigma | proc_access_win_susp_proc_access_lsass.yml | - '\Microsoft VS Code\Code.exe' | DRL 1.0 |
sigma | proc_access_win_susp_proc_access_lsass_susp_source.yml | - '\Microsoft VS Code\Code.exe' | DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.