lol.exe?ex=670c3074&is=670adef4&hm=426d9f4086fe83c1b1d0b9669a45354b10fa51c3bdb0972be4262e3e8f7f97d2&
First submission 2024-10-13 19:35:04
File details
| File type: | PE32+ executable (console) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 27682.52 KB (28346898 bytes) |
| Compile time: | 2024-08-26 17:59:20 |
| MD5: | 168b53e30b4b064151a7d3b5b8fb64b8 |
| SHA1: | 60c94ca95e67a143984da48906760a10344af23a |
| SHA256: | 1bbda33a4a0ee71425e0ef5188383a661c01aa9f430f4cea6bdae78212f9c8e0 |
| Import Hash : | aa7790079e5da97cfab7bf84d8bc295b |
| Sections 9 | .text��� .rdata�� .data��� .pdata�� .tls���� .ZRz���� .,[H���� .CX.���� .rsrc��� |
| Directories 3 | import resource tls |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 21/77 VT report date: 2024-10-13 00:05:28 |
| Malware Type 1 | trojan |
| Threat Type 1 | vmprotect |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXps://cdn.discordapp.com/attachments/1292211224016191528/1294761867952128030/lol.exe?ex=670c3074&is=670adef4&hm=426d9f4086fe83c1b1d0b9669a45354b10fa51c3bdb0972be4262e3e8f7f97d2&  |
cdn.discordapp.com |
2024-10-13 19:35:04 |
PE Sections 8 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x104a46 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rdata�� | 0x106000 | 0x3c170 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .data��� | 0x143000 | 0xf3068 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .pdata�� | 0x237000 | 0x64e0 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .tls���� | 0x23e000 | 0x10 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .ZRz���� | 0x23f000 | 0x10ad151 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .,[H���� | 0x12ed000 | 0x78 | 512 | 368059f91a7f6962608d7896666f1d54a152c7c3 | 7bc2b85179055fb7dcd672b7d8393dbd | |
| .CX.���� | 0x12ee000 | 0x17bb5b0 | 24884736 | 9f9a6ef4225683a14fb54044d29d587f340d371c | 476002243b6859beabfbe4ad5a8288ee | |
| .rsrc��� | 0x2aaa000 | 0x1ff | 512 | 46a259ed6d20b082e0f935a928a431673dc6d119 | 551aca63bbe4416892bf141f14025a01 |
PE Resources 1
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x2aaa058 | 423 |
Strings analysis - File found
| Library |
| pKernel32.dll |
| ADVAPI32.dll |
| USER32.dll |
| MSVCRT.dll |