fookmkob[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fookmkob.exe
Size

787KB
MD5

f5fc893960828691b7f7e9ed4f5560e8
SHA1

3c65a42bb4ba3e4f7f3ff7adadbd86cb9e60aa69
SHA256

788a68c0bd5f3f331c99106fc1f7de5c9f7c8c4d22178c42626689d4fd7b7a31
SHA512

a4bf39ee65a03da0a42b1b51f71db65938ca903fb77027b782c9661a38c8ef598b0ea11624756090f66eca239bb0af391e9891c185602834dfb662abc6ca6143
SSDEEP

12288:BMtuvHduiFgcW5LebIKDL3mewWqcfzlB8OzIavbaJ1u3SJnxQMW5ecH0M:qtUHkiDFbBwWqcfBinxQMW5eO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fookmkob.exe

Files

fookmkob.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MH0
Size: - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MH1
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MH2
Size: 780KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ