%E6%94%BE%E5%81%87%E5%80%BC%E7%8F%AD%E5%AE%89%E6%8E%92.exe

First submission 2024-08-30 22:57:09

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 1166.0 KB (1193984 bytes)
Compile time: 2023-01-05 10:03:54
MD5: 07898838cbb961a9c4a61b180b6b48da
SHA1: f5d2817582a4b0814039fda6ca0619e4a4dd58c2
SHA256: bd9982c5696868d795ca294b7f273e0f3cd4b639c3e49d2aa021be7a21fb94c2
Import Hash : bc559f8ca78b1db60e2a644532d66292
Sections 7 .text .rdata .data .pdata _RDATA .rsrc .reloc
Directories 5 import resource debug tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 16/78 VT report date: 2024-08-30 22:32:15
Malware Type 1 trojan

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://8.134.12.90/%E6%94%BE%E5%81%87%E5%80%BC%E7%8F%AD%E5%AE%89%E6%8E%92.exe | 8.134.12.90 | 2024-08-30 22:57:09

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x76f3c 487424 5a16ecbe4110dc68a23828292cead75cac68273b 7fea2feec35aa225859bbb36ca6b88a1
.rdata 0x78000 0x1d0fe 119296 230dc1cd9d17899a8cb4628d5899fa99b27e718d d6996aceb2a6405b271c327eeab79fb6
.data 0x96000 0x6244 17408 c811c3808a4e2e8c209751a68acf0e40586b69bc 57deba13f927879e655250a3877649c6
.pdata 0x9d000 0x5088 20992 685507afe429f3dc10fdbb1f8878e6215c4d3c2a ae4b8b9d0be8b943deee37b9c41c8801
_RDATA 0xa3000 0x15c 512 f02d3de8eb9a6e5f0c34a5fa1d2c54a574516988 9313e0a67912fd02e4a12df06c7383c6
.rsrc 0xa4000 0x849d8 543232 b34012a1a4b7847b6851f6791fe9b2ade5b5b319 e664e3a5fcd558ccefd674db48704697
.reloc 0x129000 0xfbc 4096 e5389432fe7415ac5d52783271c9858c00ea8f08 4e7b3093a354d3267d201b36d4df3555

PE Resources 6

Name Language Sublanguage Offset Size Data
CSS LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x128728 65
PNG LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0xc18b0 421494
RT_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0xc13e8 1128
RT_GROUP_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0xc1850 90
RT_HTML LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x128770 232
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x128858 381

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
api-ms-win-core-synch-l1-2-0.dll
mscoree.dll
KERNEL32.dll
WS2_32.dll

Strings analysis - Possible URLs found 1

http://

Import functions