Extreme_V4.3.exe?ex=670eef4d&is=670d9dcd&hm=525c3f05808bc5ce107884b42251d479836d0b83e568bd9cfd2895891b1e388d&

First submission 2024-10-15 20:27:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Mime type: application/x-dosexec
File size: 45.0 KB (46080 bytes)
Compile time: 2024-10-08 01:03:08
MD5: 0b795b6619fa77090a98e71167188fac
SHA1: 68d9be0be8a5b508f36f9abb18b8a3c015ecce2f
SHA256: 13d49664f15bbf4520d61590962fc80fdc153d980c1445bd3a7d4c4aeb04abf1
Import hash: 1b30fa183bfe9ff390e568cb23d331e5
Sections: 3 (UPX0, UPX1, .rsrc)
Directories: 2 (import, resource)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 23/77 (VT report date: 2024-10-15 00:44:05)
Malware type (1): trojan
Threat type (1): systemmod

URLs, FQDN and IP indicators (1)

URL: hXXps://cdn.discordapp.com/attachments/1197980411448528926/1295516544914292766/Extreme_V4.3.exe?ex=670eef4d&is=670d9dcd&hm=525c3f05808bc5ce107884b42251d479836d0b83e568bd9cfd2895891b1e388d&
Host (FQDN/IP): cdn.discordapp.com
Date added: 2024-10-15 20:27:02

PE Sections (2 suspicious)

Name   VAddress  VSize    Size   SHA1                                      MD5                               Suspicious
UPX0   0x1000    0x61000  0      da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
UPX1   0x62000   0xa000   40448  b69e5654eb6ccc317bb73f767a7106886954be09  15aa89bba4b615f89f281c1aeeede3de
.rsrc  0x6c000   0x2000   5120   09c6c3a5d91e36eefe591713357d127a2212841e  993366a68e6c2c57bd1095b38559ba79

PE Resources (2)

Name           Language      Sublanguage         Offset   Size  Data
RT_ICON        LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6c0a4  4264
RT_GROUP_ICON  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6d150  20

Packers detected (3)

UPX 2.93 (LZMA)
UPX v3.0 (EXE_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net

Strings analysis - File found

Libraries
crtdll.dll
USER32.dll
SHLWAPI.dll
KERNEL32.dll
SHELL32.dll

Import functions