504.exe

First submission 2022-08-03 20:12:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 462.5 KB (473600 bytes)
Compile time: 2022-02-09 19:22:02
MD5: 04f5b2bd193cfbc571ebb0aac306ccb3
SHA1: 833e8b161d5cee4fea9b525eb6b72377ee83b49d
SHA256: 1951a59d71b0b4ff98fc0499efc2d30c51f02f169580c04b25f702e9d2d46e45
Import Hash : 029a987f21e33b48f24d21b6f9ff1129
Sections (7): .text, .rdata, .data, .tls, .gfids, .rsrc, .reloc
Directories (5): import, resource, debug, tls, relocation
VirusTotal: 54/71 (VT report date: 2022-08-03 16:06:52)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators (1)

| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
| hXXps://jg.studio/504.exe | jg.studio | 2022-08-03 20:12:02 |

PE Sections (1 suspicious)

| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x52aed | 338944 | de59e4ca964512050b041a15ae81756d711c8313 | 22ca55e1b948eef6d8eaa74c178eb61c | |
| .rdata | 0x54000 | 0x16fb4 | 94208 | 352f6a2ff2e34506e7d6759af55eaa9aeda3f7b1 | 58738501e97e6c76ea591261c4b943d8 | |
| .data | 0x6b000 | 0x3eec | 3584 | a069a2cddd54faf4620819c79e6b50ab370798cb | 90efd231c85fb53e2e544c3917cc650c | |
| .tls | 0x6f000 | 0x9 | 512 | aa0d33a0c854e073439067876e932688b65cb6a9 | 1f354d76203061bfdd5a53dae48d5435 | |
| .gfids | 0x70000 | 0x230 | 1024 | 543908de16087fdc46fd32bba746b043f69effd0 | 68b4acc15e6a4d63a54be2808ea37520 | |
| .rsrc | 0x71000 | 0x4bc8 | 19456 | 1d011e219e7954e5993801e3217fe1603dadb510 | 886317ff75ef62e930880f3075f5fbd8 | |
| .reloc | 0x76000 | 0x3884 | 14848 | 3bc93ba4ff3fd609d08cb71ba1f2459349330701 | 3eea2222f194b26e650b5b689079235b | |

PE Resources (3)

| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_ICON | LANG_ITALIAN | SUBLANG_ITALIAN | 0x73024 | 9640 | |
| RT_RCDATA | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x755cc | 1465 | |
| RT_GROUP_ICON | LANG_ITALIAN | SUBLANG_ITALIAN | 0x75b88 | 62 | |

Packers detected (2)

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions (9)

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - Files found

Database
  \key3.db
Text
  \sysinfo.txt
  license_code.txt
Library
  mscoree.dll
  KERNEL32.dll
  SHLWAPI.dll
  WINMM.dll
  ADVAPI32.dll
  ntdll.dll
  WS2_32.dll
  USER32.dll
  PSAPI.DLL
  SHELL32.dll
  Powrprof.dll
  gdiplus.dll
  urlmon.dll
  GDI32.dll

Import functions

Name Latest seen MD5