download.exe

First submission 2024-01-31 17:21:02 Last submission 2024-02-08 15:21:03

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 2691.5 KB (2756096 bytes)
Compile time: 2024-01-29 17:29:55
MD5: 167545d30ed35a8f29cec0a0ca1cfadf
SHA1: e56cfc605e11cde1083afee42205bb70c24c3df7
SHA256: 62f3ab01f7fa27a82b402520204ce76091725364d42a58a6b9fcd8b123dee313
Import Hash : 43b39c9b04924c8349e2841f885cfb0e
Sections 7 .text .rdata .data .pdata _RDATA .reloc .rsrc
Directories 4 import resource debug relocation
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL: hXXps://sirault.be/temp/download.exe
Host (FQDN/IP): sirault.be
Date Added: 2024-02-08 15:21:06

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x216b90 2190336 d9148d38a50ad8da28da095100b982162fee0a1c bb111bfe575dfa3b34df75958971afaa
.rdata 0x218000 0x3841c 230912 7170dff13d43896b9b33120d4faa23c80c00ef28 bbe66399b73c84ea8c9a02155ff78482
.data 0x251000 0x3f218 244736 00304be0891393e411db09f0c916a399b3fd4a8e a49ade991803767020314548faf7ba44
.pdata 0x291000 0x10ec 4608 956b5308d6347ec56a022dd885cf981e3c1cd204 649712952d7b83f229c9b30ff47b94d6
_RDATA 0x293000 0x1f4 512 291ac1b25cd08409e5a51292a2040cb16ef83a05 dfb887d4800892468abde7fad8d3d008
.reloc 0x294000 0x748 2048 bf5a80dd0e641b4368324b3dbc5590d0db7deed6 067e7d7042e8e0e582cad724c9b9ca59
.rsrc 0x295000 0x13f7a 81920 cc125848971f384e480c5d41613483310b026660 79e0b2c2c885626ea823f3bb0ba259ed

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_BITMAP LANG_ENGLISH SUBLANG_ENGLISH_US 0x2950e8 80136
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x2a89f0 1072
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x2a8e20 346

Meta infos 11

LegalCopyright: Copyright © Schoolmates rods leaky neglected franker relapsing
InternalName: Mineralised
FileVersion: 8.17.310.3
CompanyName: Atmospheric comment smallscale
LegalTrademarks: Tots future sag pared modifications moderator
Comments: Sanskrit destabilising
ProductName: Toadies epitomise
ProductVersion: 8.17.310.3
FileDescription: Eggheads feats
Translation: 0x0412 0x03b5 (LANGID 0x0412 = Korean, code page 0x03b5 = 949; note the RT_VERSION resource itself is tagged LANG_ENGLISH / SUBLANG_ENGLISH_US, so the version block's declared language does not match its resource directory entry)
OriginalFilename: Corrigenda fecund

Packers detected 1 (the only match is a compiler signature, not a packer; no packer or protector signature was matched)

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 7 (import-name heuristic; IsDebuggerPresent and FindWindowA are the only direct evasion indicators here, the remaining five are standard MSVC CRT startup imports found in almost any binary)

FindWindowA
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter
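The Import Hash, the anti-debug function list and the version-info Translation above are all derived from the PE's import table and VS_VERSIONINFO resource. The following script, added here as an example and not part of the report or of the sample, re-derives those three fields from a parsed import list so the weighting behind the "Anti debug functions 7" count and the language mismatch in the Translation field are visible. The import list it runs on is constructed for illustration (the page truncates the sample's import functions), so the resulting hash is not the report's 43b39c9b04924c8349e2841f885cfb0e; the imphash convention (lowercase dll.func, extension stripped, comma-joined, MD5) is the one used by pefile and VirusTotal, with ordinal-only imports left out for brevity.

```python
"""Re-derive imphash, anti-debug import flags and version-info language from
a parsed PE import table. Added example; the import list is CONSTRUCTED."""
import hashlib

# Constructed import table in (dll, [functions]) order. Not the sample's real
# imports, which the report truncates.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["IsDebuggerPresent", "GetLastError", "TerminateProcess"]),
    ("USER32.dll", ["FindWindowA"]),
]

# pefile/VirusTotal imphash: lowercase "dll.func", these extensions stripped,
# table order preserved, joined with ",". Ordinal-only imports would need
# pefile's ordinal->name tables (oleaut32, ws2_32, wsock32); omitted here.
STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def imphash_string(imports):
    """Canonical string that is hashed to produce the imphash."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        for ext in STRIPPED_EXTENSIONS:
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        for func in funcs:
            parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """Hex MD5 of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Imports the report flags as "anti debug", weighted by how much they actually
# say: IsDebuggerPresent is a direct check, FindWindowA is typically used to
# look for debugger/VM tool windows, the rest are MSVC CRT startup imports.
ANTI_DEBUG_IMPORTS = {
    "IsDebuggerPresent": "strong",
    "CheckRemoteDebuggerPresent": "strong",
    "FindWindowA": "medium",
    "GetLastError": "weak",
    "IsProcessorFeaturePresent": "weak",
    "RaiseException": "weak",
    "TerminateProcess": "weak",
    "UnhandledExceptionFilter": "weak",
}


def anti_debug_imports(imports):
    """Map each flagged import to its weight, so the raw count can be read
    as 'N strong + M CRT noise' instead of a single number."""
    found = {}
    for _dll, funcs in imports:
        for func in funcs:
            if func in ANTI_DEBUG_IMPORTS:
                found[func] = ANTI_DEBUG_IMPORTS[func]
    return found


# VS_VERSIONINFO "Translation" is a (LANGID, code page) pair. The primary
# language is the low 10 bits of the LANGID, the sublanguage the top 6 bits.
LANG_ENGLISH = 0x09
LANG_KOREAN = 0x12


def decode_translation(translation):
    """'0x0412 0x03b5' -> (primary_lang, sublang, codepage)."""
    langid_s, cp_s = translation.split()
    langid, codepage = int(langid_s, 16), int(cp_s, 16)
    return langid & 0x3FF, langid >> 10, codepage


def version_language_mismatch(translation, resource_primary_lang):
    """True when the version block's declared language differs from the
    language the RT_VERSION resource is stored under (a triage signal)."""
    primary, _sub, _cp = decode_translation(translation)
    return primary != resource_primary_lang


if __name__ == "__main__":
    print("imphash string:", imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("anti-debug imports:", anti_debug_imports(SAMPLE_IMPORTS))
    print("translation:", decode_translation("0x0412 0x03b5"))
    print("mismatch vs LANG_ENGLISH resource:",
          version_language_mismatch("0x0412 0x03b5", LANG_ENGLISH))
```

With the report's values, `decode_translation("0x0412 0x03b5")` yields primary language 0x12 (Korean), sublanguage 1 (default) and code page 949, while the RT_VERSION resource is filed under LANG_ENGLISH, which is why the mismatch check fires on this sample.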

Strings analysis - File found

Library
mscoree.dll
ADVAPI32.dll
SHELL32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
USER32.dll
dxgi.dll
GDI32.dll
KERNEL32.dll

Import functions