06707c688782793a9f9e48388edc9439237a860f9e66019272a881a3aa5ea6ab.exe.exe

First submission 2024-09-28 23:05:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 142.0 KB (145408 bytes)
Compile time: 2012-11-16 17:29:10
MD5: 00a1b2ddc402ca4b20cc5f82f68092e6
SHA1: fb1e0c07a89b68d0670b2ebf548b6e076eaf8bdb
SHA256: 06707c688782793a9f9e48388edc9439237a860f9e66019272a881a3aa5ea6ab
Import Hash: c5589c454a6cc047af7ca179d9606bdd
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://140.83.50.60:8001/cry/06707c688782793a9f9e48388edc9439237a860f9e66019272a881a3aa5ea6ab.exe.exe 140.83.50.60 2024-09-28 23:05:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x143b 5632 fa7eeef5110015db4fd967c208983ac79f5e4f9a 7323f04232999f4649732e6bba867177
.rdata 0x3000 0xfb2 4096 2419cf4f781eaff2ab8ce9d3bb48e92985acbf5c 8e635162e5ef3834e54cf34c6da86afc
.data 0x4000 0x644 512 2e316429447e390eac9f98fc7def292b86ab79b8 5855efe42e44d1954c24a34a8499e684
.rsrc 0x5000 0x20564 132608 e089347bd080ce731dbc43a83160c81273f3ff30 5fafe02f55dff8a20bfd8933ab8a0ab3
.reloc 0x26000 0x4e2 1536 cf1da80059a1998d4fe0ff6554fd6522f3d09ea6 bd1f72eb7455742a1bd95a2e4704bb22

PE Resources 8

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x107f4 1128
RT_MENU LANG_ENGLISH SUBLANG_ENGLISH_US 0x10c5c 74
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x10ca8 300
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0x10dd4 56
RT_ACCELERATOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x10e0c 16
RT_RCDATA LANG_ENGLISH SUBLANG_ENGLISH_US 0x10e1c 82944
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x25294 118
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x2530c 598

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 3

IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Data
cookies4.dat
Text
v_%d\info.txt
status.txt
v_%d\status.txt
\status_f.txt
Library
ADVAPI32.dll
MSVCP90.dll
USER32.dll
WININET.dll
MSVCR90.dll
GDI32.dll
KERNEL32.dll

Import functions