PDB path (likely for NohBoard.Hooking.dll, whose "PDB Paths" entry further down is empty): C:\projects\nohboard\Hooking\obj\Release\NohBoard.Hooking.pdb
Static task
static1
General
-
Target
NohBoard-ReWrite-v1.3.0.zip
-
Size
1.2MB
-
MD5
42151bf03b30423f7cc5abb9ddd3e79e
-
SHA1
219ae38db2292c9a5ff3e97eb255f7f87df770a3
-
SHA256
d868ada36466e3f88d3edb023d333fac503fa48f282c27dae6148d044a65b59d
-
SHA512
311f294716d5660fdc48c0be0236a9e629b5074a2d090a4f402f249e1294f3b6bd7994ffb589ad67a44eef04c9d0a32ef5cd496c645f32c56ecbbb3e5b4fa11a
-
SSDEEP
24576:e+05kaxHwZRLPdOd+tChM5uaBMybnwxW8r2LOBv0rVxHwfhvCL+7z2wJAC7C60a:e+KziCe5uaVUxWdiBv050tCIz2wJOFa
Malware Config
Signatures
-
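Unsigned PE — 3 IoCs
Flags PE files that carry no Authenticode signature. A missing signature is a weak indicator on its own, and it is the only signature this static task reports.
resource: unpack001/NohBoard.Hooking.dll, unpack001/NohBoard.exe, unpack001/clipper_library.dll
System.ValueTuple.dll is not listed here; its Code Sign section below shows Microsoft signatures whose PE digests match.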
Files
-
NohBoard-ReWrite-v1.3.0.zip (.zip)
-
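NohBoard.Hooking.dll (.dll) windows:4 windows x86 arch:x86
Import hash (imphash): dae02f32a21e03ce65412f6e56942daa — the same value appears for every DLL in this archive whose only import is mscoree!_CorDllMain, so it is not usable as a per-file indicator.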
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
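NohBoard.exe (.exe) windows:4 windows x86 arch:x86
Import hash (imphash): f34d5f2d4577ed6d9ceec516c1f5a744 — derived from the single import mscoree!_CorExeMain, which .NET executables share, so it is not usable as a per-file indicator.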
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\projects\nohboard\NohBoard\obj\Release\NohBoard.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 506KB - Virtual size: 505KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 327KB - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
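System.ValueTuple.dll (.dll) windows:4 windows x86 arch:x86
Import hash (imphash): dae02f32a21e03ce65412f6e56942daa — the same value appears for every DLL in this archive whose only import is mscoree!_CorDllMain, so it is not usable as a per-file indicator.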
Code Sign
33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 07/09/2016, 17:58
Not After: 07/09/2018, 17:58
Subject: CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 11/08/2017, 20:11
Not After: 11/08/2018, 20:11
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31
Certificate
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31/08/2010, 22:19
Not After: 31/08/2020, 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1c
Certificate
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate
Issuer: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 11/08/2017, 20:20
Not After: 11/08/2018, 20:20
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/07/2011, 20:59
Not After: 08/07/2026, 21:09
Subject: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
50:0b:9b:f8:2d:1f:dc:2c:85:5f:8d:44:8e:f0:06:34:42:5d:c4:9a:fc:6f:51:5e:c7:96:0d:06:3c:1b:20:16
Signer
Actual PE Digest: 50:0b:9b:f8:2d:1f:dc:2c:85:5f:8d:44:8e:f0:06:34:42:5d:c4:9a:fc:6f:51:5e:c7:96:0d:06:3c:1b:20:16
Digest Algorithm: sha256
PE Digest Matches: true
e0:5a:d1:da:4b:60:60:fb:28:f2:b5:1c:59:6c:d7:66:96:16:eb:e0
Signer
Actual PE Digest: e0:5a:d1:da:4b:60:60:fb:28:f2:b5:1c:59:6c:d7:66:96:16:eb:e0
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
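clipper_library.dll (.dll) windows:4 windows x86 arch:x86
Import hash (imphash): dae02f32a21e03ce65412f6e56942daa — the same value appears for every DLL in this archive whose only import is mscoree!_CorDllMain, so it is not usable as a per-file indicator.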
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\projects\nohboard\clipper_library\obj\Release\clipper_library.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
keyboards/BurningFish/steelseries6gv2/keyboard.json
-
keyboards/BurningFish/steelseries6gv2mouse/keyboard.json
-
keyboards/BurningFish/steelseries6gv2mousemove/keyboard.json
-
keyboards/BurningFish/us_intlmouse/keyboard.json
-
keyboards/BurningFish/us_intlmousemove/keyboard.json
-
keyboards/GamesLegacy/arrows/keyboard.json
-
keyboards/GamesLegacy/arrows_numpad/keyboard.json
-
keyboards/GamesLegacy/azerty_fps/keyboard.json
-
keyboards/GamesLegacy/azerty_sc2/keyboard.json
-
keyboards/GamesLegacy/game_dota/keyboard.json
-
keyboards/GamesLegacy/game_esa/keyboard.json
-
keyboards/GamesLegacy/game_fps1/keyboard.json
-
keyboards/GamesLegacy/game_fps1_mm/keyboard.json
-
keyboards/GamesLegacy/game_fps2/keyboard.json
-
keyboards/GamesLegacy/game_isaac/keyboard.json
-
keyboards/GamesLegacy/game_keys1/keyboard.json
-
keyboards/GamesLegacy/game_worms/keyboard.json
-
keyboards/GamesLegacy/numpad/keyboard.json
-
keyboards/GamesLegacy/us_intl_fpsgame/keyboard.json
-
keyboards/GamesLegacy/us_intl_fpsgame2/keyboard.json
-
keyboards/GamesLegacy/us_intl_jc2/keyboard.json
-
keyboards/GamesLegacy/us_intl_sc2/keyboard.json
-
keyboards/GamesLegacy/us_intl_surfandbhop/keyboard.json
-
keyboards/GamesLegacy/wsadmouse/keyboard.json
-
keyboards/HaleyHalcyon/1button/keyboard.json
-
keyboards/HaleyHalcyon/2button-puzzle/keyboard.json
-
keyboards/HaleyHalcyon/2button/keyboard.json
-
keyboards/HaleyHalcyon/rhythm4/keyboard.json
-
keyboards/HaleyHalcyon/rhythm5/keyboard.json
-
keyboards/HaleyHalcyon/rhythm6/keyboard.json
-
keyboards/HaleyHalcyon/rhythm7/keyboard.json
-
keyboards/Normal/azerty/keyboard.json
-
keyboards/Normal/azerty_basic/keyboard.json
-
keyboards/Normal/azerty_nonum/keyboard.json
-
keyboards/Normal/colemak/keyboard.json
-
keyboards/Normal/de/keyboard.json
-
keyboards/Normal/de_basic/keyboard.json
-
keyboards/Normal/de_en_nonum/keyboard.json
-
keyboards/Normal/de_nonum/keyboard.json
-
keyboards/Normal/dvorak/keyboard.json
-
keyboards/Normal/mouseAll/keyboard.json
-
keyboards/Normal/mouseMovement/keyboard.json
-
keyboards/Normal/scandi/keyboard.json
-
keyboards/Normal/scandi_basic/keyboard.json
-
keyboards/Normal/scandi_nonum/keyboard.json
-
keyboards/Normal/uk/keyboard.json
-
keyboards/Normal/us_intl/keyboard.json
-
keyboards/Normal/us_intl_basic/keyboard.json
-
keyboards/Normal/us_intl_basicmouse/keyboard.json
-
keyboards/Normal/us_intl_basicmousemove/keyboard.json
-
keyboards/Normal/us_intl_nonum/keyboard.json
-
keyboards/Normal/us_intl_statekeys/keyboard.json
-
keyboards/Normal/workman/keyboard.json
-
keyboards/TheCore/TheCore/TheCore.style
-
keyboards/TheCore/TheCore/keyboard.json
-
keyboards/TheCore/images/leftb.png.png
-
keyboards/TheCore/images/leftbp.png.png
-
keyboards/TheCore/images/m4b.png.png
-
keyboards/TheCore/images/m4w.png.png
-
keyboards/TheCore/images/m5b.png.png
-
keyboards/TheCore/images/m5w.png.png
-
keyboards/TheCore/images/rightb.png.png
-
keyboards/TheCore/images/rightbp.png.png
-
keyboards/TheCore/images/sb.png.png
-
keyboards/TheCore/images/sdb.png.png
-
keyboards/TheCore/images/sdw.png.png
-
keyboards/TheCore/images/sub.png.png
-
keyboards/TheCore/images/suw.png.png
-
keyboards/TheCore/images/sw.png.png
-
keyboards/TheCore/images/t.png.png
-
keyboards/global/default.style
-
keyboards/joao7yt/fps/clean-black_clean-white.style
-
keyboards/joao7yt/fps/keyboard.json
-
keyboards/joao7yt/fps/normal-black_normal-white.style
-
keyboards/joao7yt/fps/normal-white_normal-black.style
-
keyboards/joao7yt/fps/outline-black_normal-black.style
-
keyboards/joao7yt/fps/outline-black_normal-white.style
-
keyboards/joao7yt/fps/outline-black_outline-white.style
-
keyboards/joao7yt/fps/outline-white_normal-black.style
-
keyboards/joao7yt/fps/outline-white_normal-white.style
-
keyboards/joao7yt/fps/outline-white_outline-black.style
-
keyboards/joao7yt/fps/outlined-black_normal-white.style
-
keyboards/joao7yt/fps/outlined-black_outlined-white.style
-
keyboards/joao7yt/fps/outlined-white_normal-black.style
-
keyboards/joao7yt/fps/outlined-white_outlined-black.style
-
keyboards/joao7yt/images/capsb.png.png
-
keyboards/joao7yt/images/capsib.png.png
-
keyboards/joao7yt/images/capsiw.png.png
-
keyboards/joao7yt/images/capsob.png.png
-
keyboards/joao7yt/images/capsow.png.png
-
keyboards/joao7yt/images/capsw.png.png
-
keyboards/joao7yt/images/ctrlob.png.png
-
keyboards/joao7yt/images/ctrlow.png.png
-
keyboards/joao7yt/images/keyb.png.png
-
keyboards/joao7yt/images/keyib.png.png
-
keyboards/joao7yt/images/keyiw.png.png
-
keyboards/joao7yt/images/keyob.png.png
-
keyboards/joao7yt/images/keyow.png.png
-
keyboards/joao7yt/images/keyw.png.png
-
keyboards/joao7yt/images/leftb.png.png
-
keyboards/joao7yt/images/leftbp.png.png
-
keyboards/joao7yt/images/leftib.png.png
-
keyboards/joao7yt/images/leftibp.png.png
-
keyboards/joao7yt/images/leftiw.png.png
-
keyboards/joao7yt/images/leftiwp.png.png
-
keyboards/joao7yt/images/leftob.png.png
-
keyboards/joao7yt/images/leftobn.png.png
-
keyboards/joao7yt/images/leftobp.png.png
-
keyboards/joao7yt/images/leftow.png.png
-
keyboards/joao7yt/images/leftown.png.png
-
keyboards/joao7yt/images/leftowp.png.png
-
keyboards/joao7yt/images/leftw.png.png
-
keyboards/joao7yt/images/leftwp.png.png
-
keyboards/joao7yt/images/m4b.png.png
-
keyboards/joao7yt/images/m4w.png.png
-
keyboards/joao7yt/images/m5b.png.png
-
keyboards/joao7yt/images/m5w.png.png
-
keyboards/joao7yt/images/rightb.png.png
-
keyboards/joao7yt/images/rightbp.png.png
-
keyboards/joao7yt/images/rightib.png.png
-
keyboards/joao7yt/images/rightibp.png.png
-
keyboards/joao7yt/images/rightiw.png.png
-
keyboards/joao7yt/images/rightiwp.png.png
-
keyboards/joao7yt/images/rightob.png.png
-
keyboards/joao7yt/images/rightobn.png.png
-
keyboards/joao7yt/images/rightobp.png.png
-
keyboards/joao7yt/images/rightow.png.png
-
keyboards/joao7yt/images/rightown.png.png
-
keyboards/joao7yt/images/rightowp.png.png
-
keyboards/joao7yt/images/rightw.png.png
-
keyboards/joao7yt/images/rightwp.png.png
-
keyboards/joao7yt/images/sb.png.png
-
keyboards/joao7yt/images/sdb.png.png
-
keyboards/joao7yt/images/sdw.png.png
-
keyboards/joao7yt/images/shiftb.png.png
-
keyboards/joao7yt/images/shiftib.png.png
-
keyboards/joao7yt/images/shiftiw.png.png
-
keyboards/joao7yt/images/shiftob.png.png
-
keyboards/joao7yt/images/shiftow.png.png
-
keyboards/joao7yt/images/shiftw.png.png
-
keyboards/joao7yt/images/spaceb.png.png
-
keyboards/joao7yt/images/spaceib.png.png
-
keyboards/joao7yt/images/spaceiw.png.png
-
keyboards/joao7yt/images/spaceob.png.png
-
keyboards/joao7yt/images/spaceow.png.png
-
keyboards/joao7yt/images/spacew.png.png
-
keyboards/joao7yt/images/sub.png.png
-
keyboards/joao7yt/images/suw.png.png
-
keyboards/joao7yt/images/sw.png.png
-
keyboards/joao7yt/images/t.png.png
-
keyboards/joao7yt/images/tabb.png.png
-
keyboards/joao7yt/images/tabib.png.png
-
keyboards/joao7yt/images/tabiw.png.png
-
keyboards/joao7yt/images/tabob.png.png
-
keyboards/joao7yt/images/tabow.png.png
-
keyboards/joao7yt/images/tabw.png.png
-
keyboards/quake/images/mouse-hr.png.png
-
keyboards/quake/images/mouse.png.png
-
keyboards/quake/images/mouseleftclick-hr.png.png
-
keyboards/quake/images/mouseleftclick.png.png
-
keyboards/quake/images/mousemiddleclick-hr.png.png
-
keyboards/quake/images/mousemiddleclick.png.png
-
keyboards/quake/images/mouserightclick-hr.png.png
-
keyboards/quake/images/mouserightclick.png.png
-
keyboards/quake/images/mwheeldown-hr.png.png
-
keyboards/quake/images/mwheeldown.png.png
-
keyboards/quake/images/mwheelup-hr.png.png
-
keyboards/quake/images/mwheelup.png.png
-
keyboards/quake/images/pressed-hr.png.png
-
keyboards/quake/images/pressed.png.png
-
keyboards/quake/images/shiftctrlpressed-hr.png.png
-
keyboards/quake/images/shiftctrlpressed.png.png
-
keyboards/quake/images/shiftctrlunpressed-hr.png.png
-
keyboards/quake/images/shiftctrlunpressed.png.png
-
keyboards/quake/images/space-hr.png.png
-
keyboards/quake/images/space.png.png
-
keyboards/quake/images/spacepressed-hr.png.png
-
keyboards/quake/images/spacepressed.png.png
-
keyboards/quake/images/t-hr.png.png
-
keyboards/quake/images/t.png.png
-
keyboards/quake/images/unpressed-hr.png.png
-
keyboards/quake/images/unpressed.png.png
-
keyboards/quake/quake/keyboard.json
-
keyboards/quake/quake/quake-champions.style
-
keyboards/quake/quakehighres/keyboard.json
-
keyboards/quake/quakehighres/quake-champions-highres.style
-
keyboards/wheels/alienware 17/clean-black_clean-white.style
-
keyboards/wheels/alienware 17/clean-white_clean-black.style
-
keyboards/wheels/alienware 17/keyboard.json
-
keyboards/wheels/alienware 17/normal-black_normal-white.style
-
keyboards/wheels/alienware 17/normal-white_normal-black.style
-
keyboards/wheels/images/altb.png.png
-
keyboards/wheels/images/altw.png.png
-
keyboards/wheels/images/capsb.png.png
-
keyboards/wheels/images/capsw.png.png
-
keyboards/wheels/images/enterb.png.png
-
keyboards/wheels/images/enterw.png.png
-
keyboards/wheels/images/funcb.png.png
-
keyboards/wheels/images/funcw.png.png
-
keyboards/wheels/images/keyb.png.png
-
keyboards/wheels/images/keyw.png.png
-
keyboards/wheels/images/shiftb.png.png
-
keyboards/wheels/images/shiftw.png.png
-
keyboards/wheels/images/spaceb.png.png
-
keyboards/wheels/images/spacew.png.png
-
keyboards/wheels/images/subb.png.png
-
keyboards/wheels/images/subw.png.png
-
keyboards/wheels/images/tabb.png.png
-
keyboards/wheels/images/tabw.png.png