528a8493f9046d630a0dad91d445481da8657b98f9151c55e5ab95e529d21018.exe.exe

First submission 2024-09-29 00:02:04

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 758.8 KB (777007 bytes)
Compile time: 2012-01-29 22:32:28
MD5: 17a9dffae549519da496b7d4bd95cc3d
SHA1: e7693cf199114dc22a47a0f753c961507e548019
SHA256: 528a8493f9046d630a0dad91d445481da8657b98f9151c55e5ab95e529d21018
Import Hash: 369fe35b86c83b3130c02698158a4d4d
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 2 (import, resource)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://140.83.50.60:8001/cry/528a8493f9046d630a0dad91d445481da8657b98f9151c55e5ab95e529d21018.exe.exe 140.83.50.60 2024-09-29 00:02:04

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x8061c 526336 1a4a6e903ba8481730da89043acebb85caaecabf 61ffce4768976fa0dd2a8f6a97b1417a
.rdata 0x82000 0xdfc0 57344 7c6e84f8a5fefd256f26fa1b43b68871b610fc89 f0991b788ac34ea4b210673093655317
.data 0x90000 0x1a758 26624 e525097f0c6a472b209669ddf8c3d82ba5a8dfb4 8033f5a38941b4685bc2299e78f31221
.rsrc 0xab000 0xd1f8 53760 eaca43c31f5feb77c2a440421161e5a2717b2099 b0dd034aad2c0571adb6cc6d37ee9a4c

PE Resources 7

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xab7c0 41640
RT_MENU LANG_ENGLISH SUBLANG_ENGLISH_UK 0xb5a68 80
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_UK 0xb5ab8 252
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0xb7c30 344
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xb7dd0 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_UK 0xb7de8 412
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xb7f88 620

Meta infos 4

CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0
FileVersion: 3, 3, 8, 1
FileDescription:

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 12

FindWindowExW
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
mscoree.dll
nKERNEL32.DLL
SHELL32.dll
KERNEL32.dll
UxTheme.dll
ADVAPI32.dll
OLEAUT32.dll
USER32.dll
VERSION.dll
PSAPI.DLL
WININET.dll
GDI32.dll
COMCTL32.dll
COMDLG32.dll
ICMP.DLL
USERENV.dll
ole32.dll
MPR.dll
WINMM.dll
WSOCK32.dll

Strings analysis - Possible IPs found 1

255.255.255.255

Import functions