Behavioral task: behavioral1
Sample: OBS Studio.exe
Resource: win7-20231215-en
General
Target: OBS Studio.exe
Size: 3.7MB
MD5: 65eef6fa0f94256f120d2d38a9ed4460
SHA1: 739c362a5ea88bbe9ba6012e1fae400f8c7aea0e
SHA256: 67f43a1db35f4b7850414a6c15797fb7ece7942f2d2cbc6b51bd6f59ffcf9cb4
SHA512: a19bf59e143895a34db08fdcb1ecb891a2a9244b084f85e58ca547186f242c860e77de8e9a6d845b89658a34bf6649f6edb59ed3ef3a2f7bf744bac956fd1386
SSDEEP: 49152:jhzG5O+3Ro6zvBvBNYQKk232snqf5gYgYLzmCz48AYFCYP6DhSf2H0U6hWXnXBkM:jqBo6rBvIR/qf5g3CM4/um2UqRn
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule sample agile_net -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource OBS Studio.exe
Files
OBS Studio.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
C{iWQjo Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
C{iWQjo Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PRsRaxul Size: 512B - Virtual size: 134B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.null Size: 512B - Virtual size: 277B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ