Malicious
Classifications | - |
Threat Names | Mal/Generic-S |
Dynamic Analysis Report
Created on 2022-01-16T22:02:00
Tbopbh.exe
Windows Exe (x86-32)
This list contains only the embedded files, downloaded files, and dropped files
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\RDhJ0CNFevzX\Desktop\Tbopbh.exe | Sample File | Binary | malicious |
File Reputation Information
Verdict | malicious |
Names | Mal/Generic-S |
PE Information
Image Base | 0x400000 |
Entry Point | 0x40614e |
Size Of Code | 0x4200 |
Size Of Initialized Data | 0x24400 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2022-01-10 14:39:54+00:00 |
Version Information (11)
Comments | Проводник (English: "Explorer") |
CompanyName | Microsoft Corporation |
FileDescription | Проводник (English: "Explorer") |
FileVersion | 10.0.18362.1500 |
InternalName | Tbopbh.exe |
LegalCopyright | © Корпорация Майкрософт. Все права защищены. (English: "© Microsoft Corporation. All rights reserved.") |
LegalTrademarks | - |
OriginalFilename | Tbopbh.exe |
ProductName | Операционная система Microsoft® Windows® (English: "Microsoft® Windows® Operating System") |
ProductVersion | 10.0.18362.1500 |
Assembly Version | 10.0.18362.1500 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x4154 | 0x4200 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.88 |
.rsrc | 0x408000 | 0x24118 | 0x24200 | 0x4400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.55 |
.reloc | 0x42e000 | 0xc | 0x200 | 0x28600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.08 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x402000 | 0x6128 | 0x4328 | 0x0 |
Digital Signature Information
Verification Status | Failed |
Verification Error | The signature hash does not match the file contents |
Certificate: Microsoft Windows
Issued by | Microsoft Windows |
Parent Certificate | Microsoft Windows Production PCA 2011 |
Country Name | US |
Valid From | 2020-12-15 22:29 (UTC+1) |
Valid Until | 2021-12-02 22:29 (UTC+1) |
Algorithm | sha256_rsa |
Serial Number | 33 00 00 02 ED 2C 45 E4 C1 45 CF 48 44 00 00 00 00 02 ED |
Thumbprint | 31 28 60 D2 04 7E B8 1F 8F 58 C2 9F F1 9E CD B4 C6 34 CF 6A |
Certificate: Microsoft Windows Production PCA 2011
Issued by | Microsoft Windows Production PCA 2011 |
Country Name | US |
Valid From | 2011-10-19 20:41 (UTC+2) |
Valid Until | 2026-10-19 20:51 (UTC+2) |
Algorithm | sha256_rsa |
Serial Number | 61 07 76 56 00 00 00 00 00 08 |
Thumbprint | 58 0A 6F 4C C4 E4 B6 69 B9 EB DC 1B 2B 3E 08 7B 80 D0 67 8D |
Memory Dumps (1)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
tbopbh.exe | 1 | 0x00400000 | 0x0042FFFF | Relevant Image | 32-bit | - |

File Name | Category | Type | Verdict |
---|---|---|---|
2282d72c7ebe715e339b0717c7708861fb4959f1dc948423ccd1ff9bd783e902 | Embedded File | Image | clean |