Heal_OBF[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Heal_OBF.dll
Size

674KB
MD5

cb9e7cf03b10d46bb4762ae6d37cc040
SHA1

20ce39ba56f540ff252d5f67bed5c978e8909661
SHA256

3b3a0488c7a6eedf4ea4d0c6ac9a1f9439d084eb29189b7e4de8a9e81c7be4f8
SHA512

08dc744fe1a2d4c7aee2a9c67dab3b73d4884223847a91144fa5cbd8fb4f4a238f0c5d6cebcf3db53101fef0c1b082f59878ec6171f862960ab8e933e5c7c4ef
SSDEEP

6144:E2sBT7aavSaGkAbAaZ3YQNJnZzmDEuvZgsXBA2osNbYRlPE49FzssjuvA6EQKtMl:WTOavBGdCotYnqtVi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Heal_OBF.dll

Files

Heal_OBF.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ