neobloxBootstrapper[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

neobloxBootstrapper.exe
Size

320KB
MD5

0b56327caa16d08f1125c7322fc33c01
SHA1

8a051f0f162cba2368eabfad04a8a43c9adb1441
SHA256

bfc86980dbdeba54753d23f98a6be07edf17b8fd2e8cf798afc924989f9b0f89
SHA512

07567c62773c461b75f9c25aa26cf1cd8d37593e6e9bdd91ecc702b8aa5ce5af62f8211d2dad7957cc9fcd04253bcb0f9b22095483476d241302304356c2010d
SSDEEP

3072:6UO2N00bFdFUq6C3IfTprNqHSR3/16dBei:yrwFdMV7eBe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
neobloxBootstrapper.exe

Files

neobloxBootstrapper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Plextora\Desktop\Neoblox\neobloxBootstrapper\obj\Debug\neobloxBootstrapper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ