Malicious
Classifications

-

Threat Names

Mal/Generic-S

File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\Tbopbh.exe Sample File Binary
malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 209.91 KB
MD5 14c8482f302b5e81e3fa1b18a509289d
SHA1 16525cb2fd86dce842107eb1ba6174b23f188537
SHA256 dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78
SSDeep 3072:vf1GlJZUnjNbGgNQfYySIHiP1WLz4PcSOvG2jxZ:FbGoJ8iP19PjmGyf
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict
malicious
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x40614e
Size Of Code 0x4200
Size Of Initialized Data 0x24400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2022-01-10 14:39:54+00:00
Version Information (11)
Comments Проводник
CompanyName Microsoft Corporation
FileDescription Проводник
FileVersion 10.0.18362.1500
InternalName Tbopbh.exe
LegalCopyright © Корпорация Майкрософт. Все права защищены.
LegalTrademarks -
OriginalFilename Tbopbh.exe
ProductName Операционная система Microsoft® Windows®
ProductVersion 10.0.18362.1500
Assembly Version 10.0.18362.1500
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x4154 0x4200 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.88
.rsrc 0x408000 0x24118 0x24200 0x4400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.55
.reloc 0x42e000 0xc 0x200 0x28600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x402000 0x6128 0x4328 0x0
Digital Signature Information
Verification Status Failed
Verification Error The signature hash does not match the file contents
Certificate: Microsoft Windows
Issued by Microsoft Windows
Parent Certificate Microsoft Windows Production PCA 2011
Country Name US
Valid From 2020-12-15 22:29 (UTC+1)
Valid Until 2021-12-02 22:29 (UTC+1)
Algorithm sha256_rsa
Serial Number 33 00 00 02 ED 2C 45 E4 C1 45 CF 48 44 00 00 00 00 02 ED
Thumbprint 31 28 60 D2 04 7E B8 1F 8F 58 C2 9F F1 9E CD B4 C6 34 CF 6A
Certificate: Microsoft Windows Production PCA 2011
Issued by Microsoft Windows Production PCA 2011
Country Name US
Valid From 2011-10-19 20:41 (UTC+2)
Valid Until 2026-10-19 20:51 (UTC+2)
Algorithm sha256_rsa
Serial Number 61 07 76 56 00 00 00 00 00 08
Thumbprint 58 0A 6F 4C C4 E4 B6 69 B9 EB DC 1B 2B 3E 08 7B 80 D0 67 8D
Memory Dumps (1)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
tbopbh.exe 1 0x00400000 0x0042FFFF Relevant Image False 32-bit - False
2282d72c7ebe715e339b0717c7708861fb4959f1dc948423ccd1ff9bd783e902 Embedded File Image
clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\Tbopbh.exe
MIME Type image/png
File Size 7.33 KB
MD5 c89ca16ff501a73804f25a2c432ffec2
SHA1 8bf4230914a2b2119e9b0e829f673f3fd18d94ce
SHA256 2282d72c7ebe715e339b0717c7708861fb4959f1dc948423ccd1ff9bd783e902
SSDeep 192:dZbFdB4XQ6B/Re2S7dswn6pXCACCpcoqZYIhvb:7FdB4gQZS79n6gn7ZRZ
ImpHash -
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    