file.exe

First submission: 2023-09-14 03:12:04

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Mime type: application/x-dosexec
File size: 359.98 KB (368618 bytes)
Compile time: 2021-09-25 23:56:47
MD5: 03e76b7a2245db6a2b342dae3fb3c7ed
SHA1: 028f49426cb8c0bf4979d6fa925177776b11effc
SHA256: 314b0463e6de6de56467f023dd2ddbf799d883e2e65552ddf2b87f607eedc5ae
Import Hash: 61259b55b8912888e90f516ca08dc514
Sections: 5 (.text, .rdata, .data, .ndata, .rsrc)
Directories: 2 (import, resource)
VirusTotal: 22/70 (VT report date: 2023-09-14 00:47:38)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators (1)

URL                                Host (FQDN/IP)   Date added
hXXp://77.91.68.78/lend/file.exe   77.91.68.78      2023-09-14 03:12:04

PE Sections (5, 1 flagged suspicious)

Name    VAddress  VSize    Size   SHA1                                      MD5                               Suspicious
.text   0x1000    0x6676   26624  55517dc6ad93689679677d152abfdd1ce20f1135  6f5abe9eeda26ee84b3c1ed1a6c82001
.rdata  0x8000    0x139a   5120   dc4f14d019cad6646b38852dfb7370532acafebc  8c5edfd8ff9cc0135e197611be38ca18
.data   0xa000    0x20378  1536   f45486287d474fdcafc99c24e37c4eb61bf613b3  4b2421975c21b032f7ea000f5e7f9fbf
.ndata  0x2b000   0x10000  0      da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.rsrc   0x3b000   0xca0    3584   a6524f9266dee059d0db875812797fbcba62885f  2232b7265c39de813619323873eb3f9a

Note: .ndata has a raw size of 0 (its SHA1 and MD5 are the digests of empty input) and a virtual size of 0x10000, i.e. a virtual-only uninitialized-data section, which is normal for an NSIS installer stub; the per-section "Suspicious" values were not captured in this export.

PE Resources (5)

Name           Language      Sublanguage         Offset   Size  Data
RT_ICON        LANG_ENGLISH  SUBLANG_ENGLISH_US  0x3b1d8  744
RT_DIALOG      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x3b6e0  96
RT_GROUP_ICON  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x3b740  20
RT_VERSION     LANG_ENGLISH  SUBLANG_ENGLISH_US  0x3b758  520
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US  0x3b960  830

Meta info (6)

LegalCopyright: Copyright planulate
FileVersion: 4.25.49.63
CompanyName: planulate
Translation: 0x0409 0x04b0
FileDescription: startles
ProductName: 4.25.49.63

Anti-debug functions (2)

FindWindowExW
GetLastError

Note: both are ordinary Win32 imports (GetLastError in particular is ubiquitous), so on their own they are weak anti-debug indicators.

Strings analysis - Files found (library names)

Library
%s%s.dll
SHELL32.dll
ADVAPI32.dll
USER32.dll
COMCTL32.dll
ole32.dll
KERNEL32.dll
GDI32.dll

Strings analysis - Possible IPs found (1)

4.25.49.63 (identical to the FileVersion/ProductName value in the meta info above: a version string matched by the IP pattern rather than a network indicator)

Strings analysis - Possible URLs found (1)

http://nsis.sf.net/NSIS_Error (the standard error-handler URL embedded in every NSIS installer stub, not a contacted host)

Import functions

Name Latest seen MD5
macilak2.1.exe 2023-05-24 20:34:03 1923b005546de11d38b39e4d3874c045
newamka2.1.exe 2023-05-25 06:00:02 bab6fa4f7c011c79009c17b8c419cc8a
ostraj2.1.exe 2023-05-26 04:36:03 21ffcbf147759f82745f07bfdb0662f4
swiss.exe 2023-05-26 09:41:03 9e57567ee21222fa361798821a9571aa
macrigan2.1.exe 2023-05-29 22:18:03 c5f9705e5682c03412ec7ca32e22c17c
smss.exe 2023-05-30 09:52:02 d9e03dba3c5cce141156dc0cdd710b31
smss.exe 2023-05-30 13:13:02 c044a0d5c30ed978cc2fdde590e037ec
smss.exe 2023-05-31 14:25:02 2cdc1ec873cdfe7feaa1b2ec9c246629
dd.exe 2023-06-01 08:01:03 6ea6237fd00b52f59dbb5ad00f11bd9d
wasx.exe 2023-06-01 09:18:02 5d278b330412fc5f0b05a6168e4663f7
ventascry.exe 2023-06-01 09:19:03 8a1e832674033cb7fdd73a8cf55971fd
eee23xe.exe 2023-06-03 09:27:02 19cb6550343998faee16c4f604a25f56
ojawar2.1.exe 2023-06-10 17:48:02 6b43c223d7bf1db3d6287decf2504719
cleanmgrs.exe 2023-06-13 13:10:03 bc3d73265d436ee95d52f88589993f52
cleanmgrs.exe 2023-06-13 13:21:02 0a5bf39759616592c2d8b63fc4192a2f
orimaje2.1.exe 2023-06-15 10:01:02 d7af0517b5d3fb8796ee44e44f3439b0
cleanmgrse.exe 2023-06-15 10:19:03 df4f4d8f3a20196e3cbeddfad102cfa5
cleanmgr.exe 2023-06-17 06:14:03 0556da46f62c3da93a0de233dc1d76a9
maps.exe 2023-06-17 06:15:02 02f7c729e7344aad545091d1bc408658
cleanmgr.exe 2023-06-17 06:16:02 1680103ba897689ec92f5940e043afb4
maps.exe 2023-06-17 07:54:02 622db6be2018e48a527cd178ae2f94b5
unsecapp.exe 2023-06-19 13:31:03 aa0bf88f08fb6d4ab0286244020d6518
liboshed2.1.exe 2023-06-19 14:05:03 4e13394b41e8d0cf8b1721aabdbfd719
juneowar2.1.exe 2023-06-19 18:28:03 ec77a84dddf6fef090dde4d2ab3a1007
nejorg2.1.exe 2023-06-19 18:31:04 a679e481d2868515a01976a1120c909c
pamac2.1.exe 2023-06-19 18:32:03 27070e69754c12f67e5541c7f0203f0a
lsass.exe 2023-06-20 07:09:03 fa24b7c4c3dc0c6d0b942eb96e4f18a0
DaHost.exe 2023-06-20 08:58:03 a048d50c92a80b789d2f68ff061376e1
lsass.exe 2023-06-20 09:28:03 af391ee598dcad6563b79a84a3976215
DaHostss.exe 2023-06-20 16:20:02 2d8cdf3b19f42ca059d7b02eea23ee17
unsecapp.exe 2023-06-21 07:03:03 297c423d2a4a52a7f109240ae70b4ca1
DaHostss.exe 2023-06-21 08:58:02 c5e31856527c65df6382fbc50deb1ded
shebronzy3.1.exe 2023-06-21 16:12:04 42a9512c2462575e98db4a30d1388f94
soft.exe 2023-06-22 16:58:03 fb374beeac9dbd0ce642063538e54cc6
festkon2.1.exe 2023-06-23 12:58:04 f14a6c2f0c53470577f1e3a66e34fe64
kashef2.1.exe 2023-06-23 12:59:03 77aa11300e110d3934f871a3820dbd12
ojonakon2.1.exe 2023-06-23 13:00:03 eb4ec13e49edaa7b70956780c01e766a
IE_Global.exe 2023-06-25 05:55:02 6b90959b8fe28679025b61b5cdae040b
agodzx.exe 2023-06-27 08:33:02 8001fc3355e347ebeb82daf3170e884e
good.exe 2023-06-27 08:59:03 6cd68ce9a80f20a78a5f1202bb4fa900
papizx.exe 2023-06-28 06:55:02 4daef76971794649d0c0bcc97a9fd246
soft1.eXE 2023-06-29 09:31:02 0be1c5894e7ff3044ed425a395e03737
iccu.exe 2023-06-30 07:11:02 7c52031c4ed1a6922317bf2c668a3308
now.exe 2023-07-03 10:56:03 a740cb29c91bcad28266378943b0dc01
chimoney.exe 2023-07-03 10:57:03 0b96703d2baeaa0e8cfc7bc29ee8821d
RegEdit.exe 2023-07-04 10:31:03 923b2cf57335ee5730c03f793b9b465a
RFQ098654578.exe 2023-07-05 06:53:03 246ba2f9ceb20a58fe5c16540ba7ad2b
ibm_Centos.exe 2023-07-05 15:54:03 420a0137eaa22be40636008e05d8005a
ibm_Centos.exe 2023-07-06 06:37:03 96747c013d4d5da97af5acb7bce91c33
berrashok2.1.exe 2023-07-06 16:12:02 64273b56a78b2ba729ca0d023f06b51b
win.exe 2023-07-06 19:55:02 1bd5879fca03e9398079dc4ec9789c94
enstomc2.1.exe 2023-07-07 07:14:02 dc1ced16440c1685cfc2bfe7c9fda083
win.exe 2023-07-07 10:56:04 261fad7a9f8939250bf2c3c1406f0fe9
R0986545678.exe 2023-07-09 15:23:01 82f1824f39b1df02b1254991df0b0655
igccu.exe 2023-07-13 16:03:02 8389ef289fda3d0c64e8b482f820b628
maximan2.1.exe 2023-07-14 09:22:03 d534b629964d561e1e0deccf08ff6687
igccu.exe 2023-07-16 07:28:03 6866244119d607e5bef5b9e649619f54
wind.exe 2023-07-16 13:03:02 5af410f004c467ec40f00a34b3d9a49f
csrssfs.exe 2023-07-19 21:07:03 2bdd38681778a2be9d40177c6f8a3319
csrssnj.exe 2023-07-19 23:46:03 3b08d70445120f2ef571828dde9d6be3
ChromeSetup.exe 2023-07-20 06:01:02 70462b94519e8f0354cdde7584e536ce
ChromeSetup.exe 2023-07-20 06:47:02 12864f3dc3fbedfb22b049d0b7ea8958
r8LO6JsBFr.exe 2023-07-24 17:46:03 39bd04b9ae7385809776dc4bad0eb9ff
ChromeSetup.exe 2023-07-25 20:41:02 22866422e864635234b55a5d84fae10c
wininit.exe 2023-07-28 06:41:03 a0bfccb8cc68d350b02287d70507e70d
vvlio7wypLsHed.exe 2023-07-28 16:37:02 732d840080e5382a366afe1ffd3e7aa3
woproz2.1.exe 2023-07-29 07:44:02 9c2b4213a8a1a6ba0dd80dba7c012337
IB_iso.exe 2023-08-02 20:17:03 4ef341e4b9c3229fe2281ddece402c22
controvoke2.1.exe 2023-08-29 08:33:03 d9c73015513d50dcc91ee0d56b230d7e
csDacTFVcVlight.exe 2023-08-29 15:56:03 4e35298ad766b3427abee9ed4e992469
lSk9TNygAAlight.exe 2023-09-01 23:31:03 7fc12805bd6af1082f3689b424eb3f4c
xdH7gVyTN5ike.exe 2023-09-05 07:32:04 a31cdab9f9a5355fce8b0c144825b5a9
LtlxdH7svHneo2.1.exe 2023-09-06 08:32:03 d802bc50f7321efb13358d27280910ca
jomantelneo2.1.exe 2023-09-06 08:35:03 a39ba4aaaf02b67dec94187aae8ee1fe
ORo0LtlX0gmac.exe 2023-09-06 08:51:03 14d292bf807057abe213a87a80b25f21
ChromeSetup.exe 2023-09-07 15:31:03 b2aff4034e70921c51bc334135e61887
igfxCU.exe 2023-09-09 09:11:04 e99042bc75c1e7c4ae8803b59a817975
jasonity.exe 2023-09-13 09:53:02 ebc6872f8bcf84a2ea0b161e2b0d428c
centralimac2.1.exe 2023-09-13 18:12:04 3d0b5853a55bbeea47f1f6f82729e96f
centrolineo2.1.exe 2023-09-14 05:31:04 01b5157dcb56db2036caf9cbec0c93f2
hkcmd.exe 2023-09-15 09:32:02 3950dff062247d4ac80e50a52313f198
igccu.exe 2023-09-15 13:11:02 7792584e7661ad0c5fee992337ebf3bd