GamboSpoofer[.]exe | Triage

Sharing

General

Target

GamboSpoofer.exe
Size

1.1MB
MD5

c83b14935761355e5f628cf004cc568b
SHA1

a465bca76408d47f6c2ef506c0c3dd24e6ea3746
SHA256

fbac21bf5e516a65cbe371d422dc3edcc784af1a6ed87ba4485b775c156225ed
SHA512

282e13838e84c9063d8e9281d4c31205b76fba516f8763814fd489d6c855538e0964f3a60f9b36739ef8fe34d93fc01648a3f904214a8832262a3f3eeb28d0d2
SSDEEP

6144:LKCp0ZwbXC4b11VOb11VQ9mKb11Vzb11V:ttbbVObbVgmKbbVzbbV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GamboSpoofer.exe

Files

GamboSpoofer.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 852KB - Virtual size: 851KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ