crypted.exe

First submission 2024-10-14 18:53:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 285.04 KB (291880 bytes)
Compile time: 2024-10-13 20:06:15
MD5: 09d0e438a6a8666361559becb0359e5f
SHA1: 2a870a63e10c2df1b3b86e16f779b016bb5a9613
SHA256: cf5fa96f42120ec1a33fac86ac171e1fe669b05b2e35b51e2e24249650f9a2b8
Import Hash: b7ebfc2ac31d5223dc33b9386c1e726b
Sections (5): .text, .rdata, .data, .bss, .reloc
Directories (4): import, debug, relocation, security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 34/77 (VT report date: 2024-10-14 18:22:45)
Malware Type 1 trojan
Threat Type 1 jaik

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://94.103.125.119/crypted.exe 94.103.125.119 2024-10-14 18:53:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1f734 129024 a556e31db8f7517e94a002eed5b8183bde6437f0 3f36823a4014c526e9454a2ac85efe76
.rdata 0x21000 0x9e62 40960 afc5031dd31c7be3832e68116a43dbb940033a8d a843b8f5a07c4fe361c887569a69a186
.data 0x2b000 0x1a37c 103424 588a3222266ec37310b75a242eddcbdf3fcc73ef 98a3376aa6ff8a9f7000adab41e645e7
.bss 0x46000 0x4 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x47000 0x1ab4 7168 e9e5fde4ed1e10120b00d4897a98a828d5a16b51 750781e8a99b0b6d8d5c0e223fe21a13

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
7cd905d59ba4f31c082c2e2bfd88980f 7f1b1df25765fde2a6305fe2fe1ce76edfbe0529 9768 282112

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll
USER32.dll

Strings analysis - Possible URLs found 15


Import functions

Name Latest seen MD5
l.exe 2024-10-14 18:58:02 b96c1cae8e90f64dd0941ee10b0db7ec