oobeldr[.]exe[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

oobeldr.exe.bin
Size

4.7MB
MD5

652dc686a5ba82dc1528b5ac3477fbcd
SHA1

fa7dacf984fcbe5c2b18d4e2c30dc187eb95b191
SHA256

a2ad09cca8e3952ed95e61867c35f1fb4ed4511c98d4a827fddef24387690f2b
SHA512

d90c2864e688f435aa027f91921c9c9b6f1de91d19a8ae1a6e3df18bb13722ec601c895a8828ecde5828c79e7f66ed8d6b4f3dda63107ccac8165daa103d8a91
SSDEEP

98304:nZeg0+Tapf6c53kH3Cneb1qbzVmW80GUDFaOOK8FMxwndZVbv:nZ8jd6UkX70sWAUsQ8yo9bv

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

oobeldr.exe.bin
.exe windows x86

d812527b5988192695ea156eae610de1

Code Sign

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04
Certificate

Issuer

CN=Logitech ZC-9016 USA State of Washington

Not Before

15/12/2021, 11:48

Not After

16/12/2031, 11:48

Subject

CN=Logitech ZC-9016 USA State of Washington

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:45:7c:c0:53:34:15:9a:6b:81:20:37:8e:3f:ab:cf:31:0a:00:71:68:2f:25:92:88:a9:cf:a8:df:c4:7a:cb
Signer

Actual PE Digest

49:45:7c:c0:53:34:15:9a:6b:81:20:37:8e:3f:ab:cf:31:0a:00:71:68:2f:25:92:88:a9:cf:a8:df:c4:7a:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

SHGetFolderPathW

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d812527b5988192695ea156eae610de1

Code Sign

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

49:45:7c:c0:53:34:15:9a:6b:81:20:37:8e:3f:ab:cf:31:0a:00:71:68:2f:25:92:88:a9:cf:a8:df:c4:7a:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

user32

Sections

.text Size: - Virtual size: 5KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 96B

.vmp0 Size: - Virtual size: 2.7MB

.vmp1 Size: 1024B - Virtual size: 888B

.vmp2 Size: 4.6MB - Virtual size: 4.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 41KB - Virtual size: 40KB

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

49:45:7c:c0:53:34:15:9a:6b:81:20:37:8e:3f:ab:cf:31:0a:00:71:68:2f:25:92:88:a9:cf:a8:df:c4:7a:cb
Signer

.text
Size: - Virtual size: 5KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 96B

.vmp0
Size: - Virtual size: 2.7MB

.vmp1
Size: 1024B - Virtual size: 888B

.vmp2
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 41KB - Virtual size: 40KB