Bootstrapper.exe?ex=670cb5b6&is=670b6436&hm=287f9d506e66ad9487fb3aa75958646ddd1090c3c3b06db5da8ff1236b8dc07d&
First submission 2024-10-13 17:20:02
File details
| File type: | PE32 executable (console) Intel 80386, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 3545.5 KB (3630592 bytes) |
| Compile time: | 2067-12-17 02:34:11 |
| MD5: | 04c7a2ff19228353eb7767f267bf04c8 |
| SHA1: | c71c84cd6d037397138538af1f65a48623e791e2 |
| SHA256: | b3be2c71193c51251c00720bb597e931f6650f5484d0fea28500acfcf0c84291 |
| Import Hash : | 4328f7206db519cd4e82283211d98e83 |
| Sections 7 | .idata�� .rsrc��� .themida .boot��� |
| Directories 2 | import resource |
File features detected
Is DLL
Packers
Anti Debug
Signed
XOR
OSINT Enrichments
| Virus Total: | 54/77 VT report date: 2024-10-13 01:55:36 |
| Malware Type 1 | trojan |
| Threat Type 3 | delshad r002c0wil24 themida |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXps://cdn.discordapp.com/attachments/1289643568792604756/1289650326915518475/Bootstrapper.exe?ex=670cb5b6&is=670b6436&hm=287f9d506e66ad9487fb3aa75958646ddd1090c3c3b06db5da8ff1236b8dc07d&  |
cdn.discordapp.com |
2024-10-13 17:20:02 |
PE Sections 4 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| 0x2000 | 0x2000 | 4096 | 1c7289e5a76c521fa44b09f4f5aad76bad514dbe | 485d393e3bb16109601c78555ac9db93 | ||
| 0x4000 | 0x60c | 1024 | d64e08662e6d330b004b4905f2d3ee6deb8a5369 | 7e43b7bfd8d3b86a10bfe98e4b3ac2a8 | ||
| 0x6000 | 0xc | 512 | 73ddca51386ec82ccec39756fe3153f85cd4ca02 | 6628e1d684951a52a0297858e8064f93 | ||
| .idata�� | 0x8000 | 0x2000 | 512 | 1a1837c723f5a1fa7edd9e9df6dedfa44c353fc7 | 404403365dcb4a9a6bff62a32565ee50 | |
| .rsrc��� | 0xa000 | 0x2000 | 2048 | 487ce023c872f36e95b259df90dfd0638d8e1a8b | 38f75fcc012c3b0c318f3a876f5a1e4f | |
| .themida | 0xc000 | 0x5aa000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .boot��� | 0x5b6000 | 0x374200 | 3621376 | 501a7a8487dc409d85b7d1b3787308edd27d363e | ef696169b7f9dbddb5cc492edc25f611 |
PE Resources 2
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0xa090 | 892 | |
| RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xa41c | 490 |
Meta infos 12
| LegalCopyright: | Copyright \xa9 2024 |
| Assembly Version: | 1.0.0.0 |
| InternalName: | Scythex Bootstrapper.exe |
| FileVersion: | 1.0.0.0 |
| CompanyName: | |
| LegalTrademarks: | |
| Comments: | |
| ProductName: | Scythex Bootstrapper |
| ProductVersion: | 1.0.0.0 |
| FileDescription: | Scythex Bootstrapper |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | Scythex Bootstrapper.exe |
Anti debug functions 1
| VMware trick |
Strings analysis - File found
| Library |
| mscoree.dll |
| KERNEL32.dll |
Import functions
| Name | Latest seen | MD5 |
|---|---|---|
| installer.exe | 2022-08-31 17:08:02 | 106078bb0964b75800da2013419239d9 |
| avicap32.exe | 2022-09-06 13:21:02 | ef9029e808dfd848d69f22259d632f67 |
| avicap32.exe | 2022-09-30 14:01:06 | 79d920d3f6ec2a24b730bffc8eed4f18 |
| avicap32.exe | 2022-10-05 12:22:04 | aa9aeef0c7f798b7a2304a36f019a4d5 |
| 1.exe | 2022-10-13 08:56:05 | bece8b42f8473c0dc498ad404a487c62 |
| worm.bin | 2022-10-22 05:54:03 | 48d11c57b060a15a385e1f8ee202f80c |
| zLpx37ep7aQl9MzpcONiUr9Z74tbmB.exe | 2022-11-14 07:50:08 | 47d1d183f587ed0c414311efd3240225 |
| zLpx37ep7aQl9MzpcONiUr9Z74tbmB.exe.exe | 2022-11-16 08:43:09 | d555d25d639ce81ace4591e454ee3184 |
| mp.exe | 2023-01-16 18:23:05 | 46dfa095c035fb6ae428b79b6736ec61 |
| ws.exe | 2023-01-16 18:24:04 | c9a81dcabe30d055caca7db9affe0248 |
| download1.exe | 2023-01-19 14:17:03 | 373d6b1f8629a4772a2c4712737c354c |
| tube.exe | 2023-01-20 03:52:02 | 01b8e515d67bd370e13b5bc1d2526871 |
| 52.exe | 2023-01-31 08:41:03 | 12f82bd59a4b2273510a7a2c01b82f6b |
| 85.exe | 2023-03-13 12:20:03 | ec50388a69792d133c1298e1dceb40a6 |
| update_v101.exe | 2023-04-14 08:21:02 | 5505dc203820a5a773695fbdb25d79ea |
| YoutubeAdvert.exe | 2023-06-14 10:25:02 | 4509256a05f0d4090c11f2d424a33529 |
| data64_3.exe | 2023-06-15 23:17:02 | 819ebb36bf053ef2d41eec6fc3433e0e |
| data64_3.exe | 2023-06-21 08:49:07 | 6375b46cec76be55885593736cd40270 |
| yftdgfgjyfdtxfcgvhbjgkjyfhtdcgvhgjyfhtdc.exe | 2023-06-24 12:32:03 | 29d48c1a6adcb603baedeb81ecb746a2 |
| new.exe | 2024-05-15 18:46:03 | 8bb15c76e2d55780ced07a1a2c589486 |
| logo2.jpg | 2024-05-28 18:24:03 | b162133322f47da52b67dab3f9b3b21e |
| ven_protected.exe | 2024-09-02 02:35:12 | d0dd63b98bf3d7e52600b304cdf3c174 |
| Client_protected.exe | 2024-09-27 16:41:03 | 19574d1c471ceaa99d0d05321e7beba4 |