hunta.exe

First submission 2024-02-09 12:02:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 2316.5 KB (2372096 bytes)
Compile time: 2024-02-09 08:51:44
MD5: 094c7deac7308ea0c8e656efae033a64
SHA1: 66c42beb4772795df0ed3f114075931207803694
SHA256: 0d6e67982ed0f6e5eb2add58dfa540240a05477bb9a8962e20f9efe16931c8f2
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Sections 7 .rsrc .idata faxclhsf jwmdwaqx .taggant
Directories 3 import resource relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://109.107.182.38/dalas/hunta.exe 109.107.182.38 2024-02-09 12:02:02

PE Sections 6 suspicious

Name       VAddress  VSize     Size     SHA1                                      MD5                               Suspicious
(unnamed)  0x1000    0x136000  585216   3598da9f86a5edcb3159325b840b98dc4d6f1b60  56a13fa56e0bfbeaea8071a4a5de9141
.rsrc      0x137000  0x110a0   8192     80baf9bda89d5dbbb18b2e99e847f047c7004617  e1620ced02928a4d0425befbfda752b0
.idata     0x149000  0x1000    512      5e2665ef83d53c2c9333b29ae262182f2c55c30c  588e00183b8b4dbb8c7106492f04143d
(unnamed)  0x14a000  0x2b8000  512      5f17a7254f511f3a51c2b590aab336cbbfbbe458  498ea8523a5dadffc3e8115005f886a8
faxclhsf   0x402000  0x1af000  1763840  2ff8765f9fd9131f3c7889a4dda4f6897a83f3bd  3b8ddaf6f4d69e74a428247ea5309694
jwmdwaqx   0x5b1000  0x1000    1024     81c2461fa2eba6a5296abddce4df043d2caceed4  234aa60f2603d18de860499fef97f206
.taggant   0x5b2000  0x3000    8704     bf8ff6bbecbbec24957d67a763b0d5bf42accfb8  2ffe6cb980c1adb83f8a610afa969fd9

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_RUSSIAN SUBLANG_RUSSIAN 0x59fa84 67624
RT_GROUP_ICON LANG_RUSSIAN SUBLANG_RUSSIAN 0x5b02ac 20
RT_VERSION LANG_RUSSIAN SUBLANG_RUSSIAN 0x5b02c0 692
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x5b085a 381

Meta infos 9

LegalCopyright: (c) 1999-2022 Jonathan Bennett
InternalName: Ay3Info.exe
FileVersion: 3.3.16.1
CompanyName: Au3
ProductVersion: 3.3.16.1
FileDescription: Ay3Info
Translation: 0x0409 0x04b0
OriginalFilename: Ay3Info.exe
ProductName: Ay3Info

Anti debug functions 1

VMware trick

Strings analysis - File found

Library
KERNEL32.dll

Strings analysis - Possible IPs found 1

3.3.16.1

Import functions

Name Latest seen MD5
dota.exe 2024-02-06 05:06:03 9e4d39ed30534cc58a95507c99370a47
amert.exe 2024-02-06 06:41:03 a3cd3871ba24037d9aba6b0b053cf34a
rega.exe 2024-02-07 02:02:02 43836f75d5662bc72af946abefe786ce
bucha.exe 2024-02-08 03:22:04 3e9650a7b961e437db222dfb746e2be9
ladas.exe 2024-02-08 07:03:03 2fae8d32357ed07bf6a6b216f376f867
hunta.exe 2024-02-10 13:41:02 48bd66cb49e7451cbdb078e2698a1290
micro.exe 2024-02-10 15:22:02 bfcbce795272ae853a343628bd213390
loster.exe 2024-02-11 00:01:02 62888e93e8a9b835451bd3371d4b5218