Code.exe

  • File Path: C:\Program Files\Microsoft VS Code\Code.exe
  • Description: Visual Studio Code

Screenshot

Code.exe

Hashes

Type Hash
MD5 06CB177252223ECCC871EA53A4519F34
SHA1 1411AE4CE51ED240E37EBA47E12CFD8DD883B2DE
SHA256 A81454B4A0089031E8FF5376A5CCB13BD7FA35BF53A799AF0A4DD89C0727A56D
SHA384 AE1FF5331DBAD70C04F0A9B5A9B5C7D99AAFCCF7123D3F78FD3222476A16635E90E75BBF13223497A192D2908A342217
SHA512 6EB409DD3FB28D85373D8A5CB1A0376FDF058BCB6C9146861B0E25A8AB80CC0D55D7F413D95F2C8A35A30CB5EC803B1FE282C7CF4A2FF63DF89CFA877C7BE3A1
SSDEEP 786432:bTK8PZpMkGA0DILjQ/B7aJqk6KpJdBux9i0nks9R3Nr1vSVOAMswjU:nK8P0kGA0DILjwB2dpJdB+c0FD3rTjjU

Runtime Data

Usage (stdout):


Warning: 'e' is not in the list of known options, but still passed to Electron/Chromium.
Warning: 'l' is not in the list of known options, but still passed to Electron/Chromium.
Warning: 'p' is not in the list of known options, but still passed to Electron/Chromium.
[main 2020-08-15T19:40:08.019Z] update#setState idle

Child Processes:

Code.exe Code.exe Code.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000187721772155940C709000000000187
  • Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: electron.exe
  • Product Name: Visual Studio Code
  • Company Name: Microsoft Corporation
  • File Version: 1.48.0
  • Product Version: 1.48.0
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2019 Microsoft. All rights reserved

File Similarity (ssdeep match)

File Score
C:\program files\Microsoft VS Code\Code.exe 97

Possible Misuse

The following table contains possible examples of Code.exe being misused. While Code.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_access_win_in_memory_assembly_execution.yml - '\Microsoft VS Code\Code.exe' DRL 1.0
sigma proc_access_win_in_memory_assembly_execution.yml - 'C:\Users\\*\AppData\Local\Programs\Microsoft VS Code\Code.exe' DRL 1.0
sigma proc_access_win_in_memory_assembly_execution.yml - TargetImage\|endswith: '\Microsoft VS Code\Code.exe' DRL 1.0
sigma proc_access_win_susp_proc_access_lsass.yml - 'C:\Users\\*\AppData\Local\Programs\Microsoft VS Code\Code.exe' DRL 1.0
sigma proc_access_win_susp_proc_access_lsass.yml - '\Microsoft VS Code\Code.exe' DRL 1.0
sigma proc_access_win_susp_proc_access_lsass_susp_source.yml - '\Microsoft VS Code\Code.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.