PrWYC.exe

First submission 2022-08-02 21:23:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 666.26 KB (682251 bytes)
Compile time: 2022-07-28 10:33:29
MD5: 15d514f2c75c909604875c6af0bf3b54
SHA1: 542cc4c5677b67197d6560377ac64a7ace30230b
SHA256: 3a825f731a4e60fb203e7248f85e43d532c367e584ce54f12a2a0c60be0b479f
Import Hash : 40a96900b65548cb7118b676c268360b
Sections 5 .text .rdata .data .reloc .rsrc
Directories 5 import resource debug relocation security
Virus Total: 5/70 VT report date: 2022-08-02 00:53:36

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL: hXXp://109.206.241.81/htdocs/PrWYC.exe
Host (FQDN/IP): 109.206.241.81
Date added: 2022-08-02 21:23:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1e426 124416 84ca435637e0d1c90ce72b2f600f7ebfcf4fd79a 8507b9399423e92a4a09cd733a7f905c
.rdata 0x20000 0xd080 53760 1e2a2137b835d81649586375d8889b37fd1711e7 041151cd96d5488f4158fbb2ecf81446
.data 0x2e000 0x1e60 4608 cd1f9138f6882798399b2b1f39128deb3d64e44d 2b2e53b2a5ffae274c842bc8e5716741
.reloc 0x30000 0x1cfc 7680 3bf6427be694b7a360c58defb7cb03c6760629d5 d9652f95f13df3295917f4ebd1f818d1
.rsrc 0x32000 0x74bb4 479744 5274d2c2dcac7347047923ae50fc586c337e0558 07f93cbe87ffd7e99c27b5ddd95d23dd

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x5c238 50218
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x68790 62
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x687d0 996

Meta infos 12

BuildID: 20220623063721
OriginalFilename: firefox.exe
Translation: 0x0000 0x04b0
InternalName: Firefox
FileVersion: 102.0
LegalTrademarks: Firefox is a Trademark of The Mozilla Foundation.
ProductVersion: 102.0
FileDescription: Firefox
LegalCopyright: ©Firefox and Mozilla Developers; available under the MPL 2 license.
Comments:
ProductName: Firefox
CompanyName: Mozilla Corporation

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
355e9ce069c476ce0affd42b1873d6bd d80a82de715204593ef01f66c85f33959b96f61f 11008 671243

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Strings analysis - Possible URLs found 17

http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
https://mozilla.org0
http://www.digicert.com/CPS0
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://crl3.digicert.com/sha2-assured-cs-g1.crl05
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
http://ocsp.digicert.com0N
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
https://www.digicert.com/CPS0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://ocsp.digicert.com0X

Import functions