General

  • Target

    GooberWasHereInstaller.exe

  • Size

    30.6MB

  • MD5

    9ef155ff8ec0904373cb5892299986ce

  • SHA1

    4d0d5ff53a3128a0602b2e407347df66da7a5b04

  • SHA256

    a0e416c96ea6bdf382b391682a7fc1226dc16dd4a2b68466dbe86ec427540f29

  • SHA512

    f39059c9a0155a55e8f4b4c5504cd633e2e336d6b3d6c4acdeff1b429fea190dda3c8439ad1027c6f9539699f15afa5ac4979947bc679cb9ca3d7bf80f53e0aa

  • SSDEEP

    786432:cEMMszwm8ZsfO0xBVuy/ZJddkuAizgitBotEyQai1OkXlpB7XMliXo:ckWwXZmO0Pwy//Drgi3otcR7B7Xo

Score
3/10

Malware Config

Signatures

  • Detects Pyinstaller (2 IoCs)
  • Unsigned PE (3 IoCs)

    Checks for missing Authenticode signature.

Files

  • GooberWasHereInstaller.exe
    .exe windows:4 windows x86 arch:x86

    f4639a0b3116c2cfc71144b88a929cfd



  • GWHLauncher.bat
  • PLAYERDATA/player.json
  • assets/NOTE.png
    .png
  • assets/PAYLOAD1_COM.exe
    .exe windows:6 windows x64 arch:x64

    a06f302f71edd380da3d5bf4a6d94ebd



  • PAYLOAD1_COM.pyc
  • assets/PAYLOAD2_COM.exe
    .exe windows:6 windows x64 arch:x64

    a06f302f71edd380da3d5bf4a6d94ebd



  • payload.pyc
  • config/cfg.ini
  • mods/INSTALL_MODS.md