Obfu[.]zip | Triage

Sharing

General

Target

Obfu.zip
Size

2.3MB
MD5

e8adef1a772ed815b71d2397c60fbfea
SHA1

d01c9868263d5e1682b98c2c0080338227869216
SHA256

d4bab06610155b9882e84113a1da20d380f5a299105c85ed313f0b53d4af6279
SHA512

1b0a485984903c6ac91fd90bf2b796b4cd727830bdec7d74c6aa390cfb25a897842db63a4e5029872c1dc0787d2f38f101c1ad9a3bbee03039b2f81d486392d5
SSDEEP

49152:ycnYi7Td/aTBW8DLeiyK7wF6tTpgn9WH25A4HrWsu0s+S/XiK3GL:y1iF/UE8DAI4rqfiK3s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Obfu.exe

Files

Obfu.zip
.zip

Password: HworangeRival
Obfu.exe
.exe windows:4 windows x86 arch:x86

Password: HworangeRival

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AutoIt_Stub_Loader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Obfu.pdb