Hidroflex.exe
First submission 2024-10-15 20:50:02
File details

Field | Value |
---|---|
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
Mime type | application/x-dosexec |
File size | 646.44 KB (661951 bytes) |
Compile time | 2021-04-07 16:39:21 |
MD5 | 14ed33568fe4d2881dc8ec27cecd1872 |
SHA1 | abce56e67d25f9c9534216a4d1c636c778e6ee80 |
SHA256 | 8ec643acd8f0cc7a9d3d22034296fb93bdf8c7aae5b516fb6a01134fe04f05ac |
Import hash | fcf1390e9ce472c7270447fc5c61a0c1 |
Sections (6) | .text .rdata .data .didat .rsrc .reloc |
Directories (5) | import export resource debug relocation |
File features detected
- Anti VM
- Signed
- XOR
OSINT Enrichments

Source | Result |
---|---|
VirusTotal | 48/77 detections (report date 2024-10-15 06:50:33) |
Malware type (2) | trojan, spyware |
Threat type (2) | formbook, noon |
URLs, FQDN and IP indicators (1)

PE Sections (0 suspicious)

Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x3122a | 201728 | 7ca1b5a1ee479177d46660479a3e199e60483c77 | 0f428b99f85a6dd21d97c3ebd1dad6da | |
.rdata | 0x33000 | 0xa612 | 43008 | b6f37822f12bbb5780b31f463ed41c181d8ef98a | 76a60785d8790bdd1c75dfb1e4acced7 | |
.data | 0x3e000 | 0x23728 | 4096 | 6b160855a24650fb6df8fda051e6a773aefbb0ae | 201530c9e56f172adf2473053298d48f | |
.didat | 0x62000 | 0x188 | 512 | dfa6785a4805f590315db087e9d1a8750be6b578 | 0ec8416c15d4a4181d809e374f46a460 | |
.rsrc | 0x63000 | 0x10030 | 66048 | 20b9eca634ae2ca843a3650fa130eb0ff9782f26 | 15087f7184ea1269a6897b967cf2af79 | |
.reloc | 0x74000 | 0x2274 | 9216 | c5c0bd29888e460f783bf0aa84a42acb90efa87e | 04cf9367bcce3e0a870a75eef3990de4 | |
PE Resources (6)

Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
PNG | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x6412c | 5545 | |
RT_ICON | LANG_NEUTRAL | SUBLANG_DEFAULT | 0x69b18 | 29112 | |
RT_DIALOG | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x715e8 | 594 | |
RT_STRING | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x727b8 | 214 | |
RT_GROUP_ICON | LANG_NEUTRAL | SUBLANG_DEFAULT | 0x72890 | 76 | |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x728dc | 1875 | |
Packers detected (2)
- Microsoft Visual C++ 8
- VC8 -> Microsoft Corporation

Anti debug functions (6)
- GetLastError
- IsDebuggerPresent
- IsProcessorFeaturePresent
- RaiseException
- TerminateProcess
- UnhandledExceptionFilter
Strings analysis - Files found

Temporary:
- %s.%d.tmp
- winrarsfxmappingfile.tmp

Portable:
- simage.pdf

Library:
- Crypt32.dll
- peerdist.dll
- msasn1.dll
- profapi.dll
- RpcRtRemote.dll
- sfc_os.dll
- XmlLite.dll
- USERENV.dll
- ntmarta.dll
- rasadhlp.dll
- mscoree.dll
- mlang.dll
- cryptsp.dll
- linkinfo.dll
- UxTheme.dll
- imageres.dll
- VERSION.dll
- cscapi.dll
- usp10.dll
- wkscli.dll
- devrtl.dll
- secur32.dll
- wintrust.dll
- atl.dll
- WINNSI.DLL
- rsaenh.dll
- riched20.dll
- comres.dll
- cryptui.dll
- ntshrui.dll
- slc.dll
- oleaccrc.dll
- PSAPI.DLL
- propsys.dll
- NETAPI32.dll
- aclui.dll
- dhcpcsvc6.dll
- cryptbase.dll
- ws2help.dll
- SHELL32.dll
- samlib.dll
- KERNEL32.dll
- shdocvw.dll
- dwmapi.dll
- cabinet.dll
- MPR.dll
- WS2_32.dll
- WindowsCodecs.dll
- dnsapi.dll
- SSPICLI.DLL
- samcli.dll
- apphelp.dll
- dfscli.dll
- DXGIDebug.dll
- dsrole.dll
- ieframe.dll
- lpk.dll
- netutils.dll
- clbcatq.dll
- dhcpcsvc.dll
- IPHLPAPI.DLL
- srvcli.dll
- browcli.dll
- SETUPAPI.dll
- SHLWAPI.dll
- GDI32.dll
- COMCTL32.dll
- ole32.dll
- USER32.dll
- ADVAPI32.dll
- gdiplus.dll
- COMDLG32.dll
Strings analysis - Possible URLs found (1)
- http://schemas.microsoft.com/SMI/2005/WindowsSettings
Import functions