zxcv.EXE

First submission 2022-07-15 03:24:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1004.0 KB (1028096 bytes)
Compile time: 2022-07-10 14:08:42
MD5: 08802514f3c2c303d54e4a47a8db54f2
SHA1: ebe7c3ac64ce312ca370bcd07d49de5ad1369d93
SHA256: 28455b1a0b29240e95877cff96528b3a196f0cf3a63d9980dc70349cdc0e1e74
Import Hash: bf2c8924eb497431bbc72248941dbd65
Sections: 3 (.text, .data, .rsrc)
Directories: 2 (import, resource)
VirusTotal: 53/69
VT report date: 2022-08-04 03:51:20

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 4

URL Host (FQDN/IP) Date Added
hXXp://charisma.ac.ug/ghjk.exe charisma.ac.ug 2022-07-15 03:24:02
hXXp://karimgousa.ug/zxcv.EXE karimgousa.ug 2022-07-15 10:52:07
hXXp://marksidfgs.ug/asdf.EXE marksidfgs.ug 2022-07-23 12:44:09
hXXp://marnersstyler.ug/zxcv.EXE marnersstyler.ug 2022-08-04 08:31:06

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xf75d0 1015808 7d6b3a581543c73b9c1fca31a710c30454bcb5d6 df64f35a1f86cf2a54f65ea7750de198
.data 0xf9000 0x1d38 4096 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xfb000 0x248 4096 9ccece9d373f36f97328e163f2e0ae167204b943 3f951a71d2380cd745b070a9d03c6dde

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_GERMAN SUBLANG_GERMAN 0xfb058 496

Meta infos 6

Translation: 0x0407 0x04b0
InternalName: wmernvcqsya
ProductVersion: 1.00
FileVersion: 1.00
OriginalFilename: wmernvcqsya.exe
ProductName: rvcdawdafe

Strings analysis - File found

Library
SHLWAPI.dll
MSVBVM60.DLL
VB5!6&VB6DE.DLL
USER32.dll
KERNEL32.dll
ADVAPI32.dll
VBA6.DLL
Autogen
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Object
TABCTL32.OCX
Codejock.SkinFramework.Unicode.v15.2.1.ocx
Codejock.Markup.v15.2.1.ocx
Codejock.FlowGraph.v15.2.1.ocx

Import functions