Scooby[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Scooby.zip
Size

2.8MB
MD5

ef8fc13b041700fcc415c5c0d8f15253
SHA1

a542bfa032415a6b0e55ca4c5c6aa850af8eb7ab
SHA256

5f9fb4d45ede2e74323e2bf107bf75963f2abc8718c01f13c32e702b923075bf
SHA512

7d073be85bf0d802233f518c43910ef49716788114a4d4c6ba1883fd13f1767a495f275c0c91854b5246972ef8d03c5421e94d0af4df1173a9bbd3b5e750bce1
SSDEEP

49152:7Ntd5hdbphxhFXcBEGYUrzA7uzo+kBwSk9z88FsCVjGZsk6wEq6oIjjHJUT0GwgO:7Ntd5hdHxhFTGYUrMKzHka9z8eIuk6wa

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bunifu_UI_v1.5.3.dll
unpack001/Scooby.exe

Files

Scooby.zip
.zip

Password: Scooby-CESTGFG-F34WTGF-IDKANYMORE
Bunifu_UI_v1.5.3.dll
.dll windows x86

Password: Scooby-CESTGFG-F34WTGF-IDKANYMORE

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Readme.txt
Scooby.exe
.exe windows x64

Password: Scooby-CESTGFG-F34WTGF-IDKANYMORE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ