DigitalSide Threat Intel

AppReseter.exe

First submission 2024-10-18 02:58:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 317.0 KB (324608 bytes)
Compile time: 2012-07-14 00:47:16
MD5: 121dcbcd91af6526e15ff12ce63fe34b
SHA1: 8e3b85ed89f8474c95a847f8d6e742a05eebaf83
SHA256: 19f541a5526c300dcca5758cffd55d2253ef2ddc84ab2f75603814f13a17e5e3
Import Hash : bf5a4aa99e5b160f8521cadd6bfe73b8
Sections 4 .text .rdata .data .rsrc
Directories 3 import resource debug

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 42/77 VT report date: 2024-10-16 20:36:06
Malware Type 1 trojan
Threat Type 2 injuke mggl

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://3.94.86.69/files/AppReseter.exe VirusTotal Report 3.94.86.69 VirusTotal Report 2024-10-18 02:58:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x19718 104448 654c32c62fe0f2dc0bf3135a9ec14149084e2f35 c23da18364b3906f4c5e0c45e343d547
.rdata 0x1b000 0x6db4 28160 ac050a1809ae127615e1683adb73d87013096d10 5826801f33fc1b607aa8e942aa92e9fa
.data 0x22000 0x30c0 5632 c5c9b70d1fbe0cb0f1d48ea41ef1cd0da70d708d 2fe51a72ede820cd7cf55a77ba59b1f4
.rsrc 0x26000 0x2d2b0 185344 ca4b529690578a8266010efea503634fea91ce60 43b643b98b981eed0f9c654e09158c99

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x261b4 4264
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x52d2c 32
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x52d4c 20
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x52d60 868
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x530c4 490

Meta infos 12

LegalCopyright: Copyright \xa9 2023
Assembly Version: 1.0.0.0
InternalName: AppReseter.exe
FileVersion: 1.0.0.0
CompanyName: Zanzero E Services
LegalTrademarks:
Comments: Raavan
ProductName: App Reseter
ProductVersion: 1.0.0.0
FileDescription: All App Reseter
Translation: 0x0000 0x04b0
OriginalFilename: AppReseter.exe

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
USER32.dll
OLEAUT32.dll
ole32.dll

Import functions

Function Address Souspicious Anti Debug
RaiseException 0x41b000
GetLastError 0x41b004
MultiByteToWideChar 0x41b008
lstrlenA 0x41b00c
InterlockedDecrement 0x41b010
GetProcAddress 0x41b014
LoadLibraryA 0x41b018
FreeResource 0x41b01c
SizeofResource 0x41b020
LockResource 0x41b024
LoadResource 0x41b028
FindResourceA 0x41b02c
GetModuleHandleA 0x41b030
Module32Next 0x41b034
CloseHandle 0x41b038
Module32First 0x41b03c
CreateToolhelp32Snapshot 0x41b040
GetCurrentProcessId 0x41b044
SetEndOfFile 0x41b048
GetStringTypeW 0x41b04c
GetStringTypeA 0x41b050
LCMapStringW 0x41b054
LCMapStringA 0x41b058
GetLocaleInfoA 0x41b05c
HeapFree 0x41b060
GetProcessHeap 0x41b064
HeapAlloc 0x41b068
GetCommandLineA 0x41b06c
HeapCreate 0x41b070
VirtualFree 0x41b074
DeleteCriticalSection 0x41b078
LeaveCriticalSection 0x41b07c
EnterCriticalSection 0x41b080
VirtualAlloc 0x41b084
HeapReAlloc 0x41b088
HeapSize 0x41b08c
TerminateProcess 0x41b090
GetCurrentProcess 0x41b094
UnhandledExceptionFilter 0x41b098
SetUnhandledExceptionFilter 0x41b09c
IsDebuggerPresent 0x41b0a0
GetModuleHandleW 0x41b0a4
Sleep 0x41b0a8
ExitProcess 0x41b0ac
WriteFile 0x41b0b0
GetStdHandle 0x41b0b4
GetModuleFileNameA 0x41b0b8
WideCharToMultiByte 0x41b0bc
GetConsoleCP 0x41b0c0
GetConsoleMode 0x41b0c4
ReadFile 0x41b0c8
TlsGetValue 0x41b0cc
TlsAlloc 0x41b0d0
TlsSetValue 0x41b0d4
TlsFree 0x41b0d8
InterlockedIncrement 0x41b0dc
SetLastError 0x41b0e0
GetCurrentThreadId 0x41b0e4
FlushFileBuffers 0x41b0e8
SetFilePointer 0x41b0ec
SetHandleCount 0x41b0f0
GetFileType 0x41b0f4
GetStartupInfoA 0x41b0f8
RtlUnwind 0x41b0fc
FreeEnvironmentStringsA 0x41b100
GetEnvironmentStrings 0x41b104
FreeEnvironmentStringsW 0x41b108
GetEnvironmentStringsW 0x41b10c
QueryPerformanceCounter 0x41b110
GetTickCount 0x41b114
GetSystemTimeAsFileTime 0x41b118
InitializeCriticalSectionAndSpinCount 0x41b11c
GetCPInfo 0x41b120
GetACP 0x41b124
GetOEMCP 0x41b128
IsValidCodePage 0x41b12c
CompareStringA 0x41b130
CompareStringW 0x41b134
SetEnvironmentVariableA 0x41b138
WriteConsoleA 0x41b13c
GetConsoleOutputCP 0x41b140
WriteConsoleW 0x41b144
SetStdHandle 0x41b148
CreateFileA 0x41b14c
Function Address Souspicious Anti Debug
OleInitialize 0x41b17c
Function Address Souspicious Anti Debug
SafeArrayCreate 0x41b154
SafeArrayAccessData 0x41b158
SafeArrayUnaccessData 0x41b15c
SafeArrayDestroy 0x41b160
SafeArrayCreateVector 0x41b164
VariantClear 0x41b168
VariantInit 0x41b16c
SysFreeString 0x41b170
SysAllocString 0x41b174

Related files by ImpHash 27 bf5a4aa99e5b160f8521cadd6bfe73b8

Name Latest seen MD5
notepad.exe 2022-09-09 15:16:02 6bf5488cbc8b5475997c8f9feb9b80f6
microsoft.exe 2022-10-23 20:23:04 9f3c5b6fa2a40d0d97d82d1f509b7168
data64_2.exe 2022-11-20 09:03:03 07b50673f04622d62836838790613452
data64_1.exe 2022-11-20 10:06:02 ebef6f629d4dd92f8c4714b4f9693642
data64_3.exe 2022-11-20 10:09:02 27b8430e57ed40e3c090e662233a10eb
ZydSimple.exe 2023-01-16 18:42:31 207cc906a41b0ac0b673e6b54191dae8
.NetFramework.exe 2023-06-22 19:16:03 b8bee86a938a8b2245aa9343077958a6
fee.exe 2024-05-19 01:25:03 38531b2b0413ec8925c2ab8d9755d24b
MyCheckBack.exe 2024-05-25 17:01:05 58d9da67f31be50170dadd4ff9a837ad
GGWS_UPLOAD.exe 2024-05-27 20:09:08 cbaa1a61c93704f1540e48a8dd9bac14
STHealthClient.exe 2024-05-25 18:28:08 70ab645e72548443cea20ffd8005dc1a
STHealthUp.exe 2024-05-26 00:04:04 e78473bca17b8e1e7353570719b5ad0c
STHealthUpdate.exe 2024-05-27 10:08:06 6f5df1cb4767052b0b77e4e93fdda84d
STHealthUpload.exe 2024-05-27 11:01:05 26c7da49199c31fcfe179cee64b89116
STHealthBQ.exe 2024-05-27 11:02:05 e67f683eac76d370334f3fdf51aa430a
66cf56ae6e345_ColeusesWalkathon.exe 2024-10-04 23:14:02 afed25699b68eb6b0d7fa7fa382c55b7
systems.exe 2024-09-02 00:53:01 454a942056f6d69c4a06ffedffea974a
66e464075714d_otr.exe 2024-10-05 10:54:02 39792b5d0b6a20c9216623181135f397
%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe 2024-09-23 13:37:05 a30cc69a6a902257d633dba5653ca990
66e463dc5d817_cry.exe 2024-10-07 22:00:02 338e222dbbbe3d87219fc2ba4e6936da
66e010f468498_otr.exe 2024-10-05 13:55:02 faaf13f6a1dd574396fea7e084504150
66e014584fcee_w2.exe 2024-10-07 21:13:02 d11952cce9c0e9a38a52fbf887e96681
66e014874bec8_w9.exe 2024-10-05 00:24:02 d6c976ddbf72de3a56834b7583f7f7cc
66e805302f63c_otr.exe 2024-10-05 12:19:02 d3d2aafaf86262baa7528e397f1ce761
66e80492300c8_cry.exe 2024-10-05 11:18:02 fef7cb7c3bd0e8204e3e7fecc544e6e6
ped.exe 2024-10-04 19:12:15 101a98643dbcbf0c0c02d45b8126a590
AppReseter_forOutlooker.exe 2024-10-18 02:59:03 4c4200cdf2e58dee2b4db5200c231468