mttaggart / wtfbins
WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
MIT License
[New WTFBin]: gc_worker.exe
#41
Closed
rcegan closed 1 year ago
rcegan commented 1 year ago
Contributor Name: rcegan
Application/Executable: Azure Connected Machine Agent - gc_worker.exe
WTF Behavior Description: Spawns a process that runs encoded PowerShell strings. Triggers when the agent downloads new policies from Azure.
Link to Documentation of Behavior: N/A - I can't find any resources online that mention this behaviour.
Please provide any images for additional evidence.
mttaggart commented 1 year ago
Added in 6fb27f5c72e15c6aa696b46eb00db9c55db9553d
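An added triage example, not part of the issue thread or the wtfbins project: it decodes the `-EncodedCommand` argument from process-creation events and tags those whose parent image is `gc_worker.exe`, so the decoded script can be reviewed instead of the alert being dismissed on the parent name alone. The event fields, paths and scripts are constructed placeholders, and the command-line splitting assumes unquoted arguments.

```python
import base64
import ntpath

KNOWN_PARENT = "gc_worker.exe"  # image name from the issue title

def _enc(script):
    """Encode text the way -EncodedCommand expects: Base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed events; paths and scripts are placeholders, not agent data.
SAMPLE_EVENTS = [
    {"parent": r"C:\Example\gc_worker.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand " + _enc("Get-Service | Out-Null")},
    {"parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -enc " + _enc("Write-Output 'hello'")},
    {"parent": r"C:\Example\gc_worker.exe",
     "cmdline": r"powershell.exe -File C:\Example\check.ps1"},
]

def decode_encoded_command(cmdline):
    """Return the decoded script text, or None if absent or undecodable."""
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
        if flag[0] in "-/" and name and (name == "ec" or "encodedcommand".startswith(name)):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:  # covers bad Base64 and bad UTF-16
                return None
    return None

def triage(event):
    """Attach the decoded script and a verdict to one process-creation event."""
    decoded = decode_encoded_command(event["cmdline"])
    if decoded is None:
        verdict = "no-encoded-command"
    elif ntpath.basename(event["parent"]).lower() == KNOWN_PARENT:
        # An image name is only a hint: confirm path and signature, read the script.
        verdict = "known-wtfbin-parent"
    else:
        verdict = "investigate"
    return {"parent": event["parent"], "verdict": verdict, "decoded": decoded}

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(triage(e))
```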