Hoodology[.]exe | Triage

Sharing

General

Target

Hoodology.exe
Size

12KB
MD5

d79ff0ce2970694e3a6a652c57ec2ffa
SHA1

a1f77f9bf44dda9a0f56921d4c96dd7d113c7809
SHA256

5dd94b23ed3c33ea35ec0c0e217a5218eeafd8d7b7e666633e67fe4d664d8e21
SHA512

40f6d028859ae42d31644bb70b73465eeb83d855e237684e2ff8ba8efe94ce829b647240573b8fa39516219e8dc330a2e2a4eb2c22b29fe6df32ab83ea0893f2
SSDEEP

192:8+PrZsQgLVWnlCcDZUu7X5mkMeBi1eJVBVYopP:8GZsQgLslNZUuVmiE1edVTp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Hoodology.exe

Files

Hoodology.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\P4wnd\source\repos\GalaxyBootStrapper\GalaxyBootStrapper\obj\Debug\BootStrapper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ