igccu.exe

First submission 2023-09-12 09:52:04

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	298.5 KB (305664 bytes)
Compile time:	2023-03-15 21:13:30
MD5:	131ccad3c84639a1cb61bb56fb5b9e24
SHA1:	849f9be725d5216840f88607592ef44b07e2518c
SHA256:	12bbde25bb3a140f9699c4627d5235bc921097ba0bfbbd64d5834fb760ea6ba2
Import Hash :	fd6dfb11bfd672e911229df79ae69bc7
Sections 3	.text .data .rsrc
Directories 2	import resource
Virus Total:	34/71 VT report date: 2023-09-12 01:50:48

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://103.250.79.174/520/igccu.exe	103.250.79.174	2023-09-12 09:52:04

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x200f0	131584	37ab13b5c16d007dfa9415681c80cb9ddca1a801	b0e6f235ccb4c0d1916e82f9c0545675
.data	0x22000	0x1ebbe8c	92160	cadc91c0fbb460732d5378e1fc920068187de5c5	a41d97dfdd8a6283a7e943cb21777094
.rsrc	0x1ede000	0x13a68	80896	562f4d8320cd1c3f124b5c616a478b84ed90a2de	5e5745b0007578d7ffc2023b3b995045

PE Resources 6

Name	Language	Sublanguage	Offset	Size	Data
RT_CURSOR	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x1ef0468	2216	PE Resource: RT_CURSOR - Data ( @888AAAJJJMMMTTTppp/-P?pQcv1Qq,/KPhp1Qq/!P7pLcy1Qq/Pp",6@J[1qQq/Pp =1[Qyq/"P0p=LYgx1Qq&/@PZpt1Qq/&PAp[t1Qq/P"p0>M[iy1Qq/Pp >1\Qzq/Pp!+6@IZ1pQq/ P6pLbx1Qq,/KPip1Qq/-P?pRcv1Qq/Pp!&,>X1qQq ?
RT_ICON	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x1eeff98	1128
RT_STRING	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x1ef1808	608	PE Resource: RT_STRING - Data EDovewasovatij zigidusofu toyotineliy caliwacox xudijazuvoca rokifocecHojacufixab sadukefefaluzo BazowixemiQXinofajimulogox sizagexucito cuzuzucaxabefo nubuwev fuhitayaxubuhi meruv vaxujude@Paxafem bohoz lineko yupahotocuno duguseruxaviyo mobuhakodikarey&Fofuwefenela hefucekar cezagepenoxisiw
RT_GROUP_CURSOR	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x1ef0d10	20
RT_GROUP_ICON	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x1ef0400	104
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x1ef0d28	572

Meta infos 7

FileVersions:	42.51.49
InternalName:	Superior.exe
ProductVersion:	27.5.34.0
LegalCopyrights:	Challangers bojala
Translation:	0x124e 0x043a
FileDescriptions:	Anybodies
ProductName:	Bonni

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
SHELL32.dll
USER32.dll
GDI32.dll

Import functions

ADVAPI32.dll 1 SHELL32.dll 1 KERNEL32.dll 123 GDI32.dll 2 USER32.dll 2

Function	Address	Souspicious	Anti Debug
LookupAccountSidW	0x401000

Function	Address	Souspicious	Anti Debug
DragFinish	0x401204

Function	Address	Souspicious	Anti Debug
GetNumaProcessorNode	0x401014
GetDriveTypeW	0x401018
EnumCalendarInfoW	0x40101c
MoveFileExW	0x401020
InterlockedDecrement	0x401024
CreateJobObjectW	0x401028
SetHandleInformation	0x40102c
GetProfileStringW	0x401030
SetVolumeMountPointW	0x401034
GetComputerNameW	0x401038
OpenSemaphoreA	0x40103c
BackupSeek	0x401040
FreeEnvironmentStringsA	0x401044
GetModuleHandleW	0x401048
GenerateConsoleCtrlEvent	0x40104c
GetConsoleAliasesLengthA	0x401050
GetConsoleAliasExesW	0x401054
EnumTimeFormatsA	0x401058
EnumTimeFormatsW	0x40105c
TzSpecificLocalTimeToSystemTime	0x401060
GetEnvironmentStrings	0x401064
GetConsoleCP	0x401068
GlobalAlloc	0x40106c
LoadLibraryW	0x401070
TerminateThread	0x401074
FatalAppExitW	0x401078
GetCalendarInfoW	0x40107c
GetStartupInfoW	0x401080
RaiseException	0x401084
GetPrivateProfileIntW	0x401088
InterlockedExchange	0x40108c
GetStartupInfoA	0x401090
FindFirstFileW	0x401094
GetLastError	0x401098
GetCurrentDirectoryW	0x40109c
PeekConsoleInputW	0x4010a0
MoveFileW	0x4010a4
EnumSystemCodePagesW	0x4010a8
OpenMutexA	0x4010ac
GetProcessId	0x4010b0
LocalAlloc	0x4010b4
BuildCommDCBAndTimeoutsW	0x4010b8
GetNumberFormatW	0x4010bc
RemoveDirectoryW	0x4010c0
GlobalGetAtomNameW	0x4010c4
FindNextFileA	0x4010c8
EnumDateFormatsA	0x4010cc
GlobalUnWire	0x4010d0
GetModuleHandleA	0x4010d4
SetLocaleInfoW	0x4010d8
EnumResourceNamesA	0x4010dc
CreateMailslotA	0x4010e0
VirtualProtect	0x4010e4
EnumDateFormatsW	0x4010e8
GetShortPathNameW	0x4010ec
FindFirstVolumeA	0x4010f0
FindAtomW	0x4010f4
FindFirstVolumeW	0x4010f8
DeleteFileW	0x4010fc
AddConsoleAliasA	0x401100
CreateFileW	0x401104
ReadFile	0x401108
FlushFileBuffers	0x40110c
SetDefaultCommConfigA	0x401110
GetFileSize	0x401114
GetVolumeNameForVolumeMountPointA	0x401118
GetCommandLineW	0x40111c
SetThreadLocale	0x401120
WriteConsoleW	0x401124
SetStdHandle	0x401128
InterlockedIncrement	0x40112c
Sleep	0x401130
InitializeCriticalSection	0x401134
DeleteCriticalSection	0x401138
EnterCriticalSection	0x40113c
LeaveCriticalSection	0x401140
EncodePointer	0x401144
DecodePointer	0x401148
HeapFree	0x40114c
HeapAlloc	0x401150
GetProcAddress	0x401154
ExitProcess	0x401158
DeleteFileA	0x40115c
HeapSetInformation	0x401160
RtlUnwind	0x401164
UnhandledExceptionFilter	0x401168
SetUnhandledExceptionFilter	0x40116c
IsDebuggerPresent	0x401170
TerminateProcess	0x401174
GetCurrentProcess	0x401178
IsProcessorFeaturePresent	0x40117c
HeapCreate	0x401180
WriteFile	0x401184
GetStdHandle	0x401188
GetModuleFileNameW	0x40118c
InitializeCriticalSectionAndSpinCount	0x401190
TlsAlloc	0x401194
TlsGetValue	0x401198
TlsSetValue	0x40119c
TlsFree	0x4011a0
SetLastError	0x4011a4
GetCurrentThreadId	0x4011a8
HeapSize	0x4011ac
FreeEnvironmentStringsW	0x4011b0
GetEnvironmentStringsW	0x4011b4
SetHandleCount	0x4011b8
GetFileType	0x4011bc
QueryPerformanceCounter	0x4011c0
GetTickCount	0x4011c4
GetCurrentProcessId	0x4011c8
GetSystemTimeAsFileTime	0x4011cc
GetCPInfo	0x4011d0
GetACP	0x4011d4
GetOEMCP	0x4011d8
IsValidCodePage	0x4011dc
GetStringTypeW	0x4011e0
MultiByteToWideChar	0x4011e4
SetFilePointer	0x4011e8
WideCharToMultiByte	0x4011ec
GetConsoleMode	0x4011f0
HeapReAlloc	0x4011f4
LCMapStringW	0x4011f8
CloseHandle	0x4011fc

Function	Address	Souspicious	Anti Debug
SelectPalette	0x401008
GetTextFaceW	0x40100c

Function	Address	Souspicious	Anti Debug
CharUpperW	0x40120c
LoadMenuA	0x401210