884039ab697c811a11dc4e3cc03bea9c3fb7e8dbfe0b0722318ce9cc456e4a82.exe.exe

First submission 2024-09-28 23:46:03

File details

File type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 310.0 KB (317440 bytes)
Compile time: 2023-07-31 14:37:40
MD5: 17fb69181d1a92988f6a56b46578f808
SHA1: 5c50035f586e7acae8d5a1f9fbd85ee4970454f4
SHA256: 884039ab697c811a11dc4e3cc03bea9c3fb7e8dbfe0b0722318ce9cc456e4a82
Import Hash: c7c3f76abd9c377a5c8cdbb66e53c501
Sections 7 .text .rdata .data .pdata _RDATA .rsrc .reloc
Directories 5 import export resource debug relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://140.83.50.60:8001/cry/884039ab697c811a11dc4e3cc03bea9c3fb7e8dbfe0b0722318ce9cc456e4a82.exe.exe 140.83.50.60 2024-09-28 23:46:04

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x32ec0 208896 2536688185600637aa02f70bd4be7c654ecae796 9023ccee2c4f0aedfb59b3e944a6d5de
.rdata 0x34000 0x15440 87552 bb30e69e35938dd2181fc1d7165f8d481be9bc17 c35f5a03f8c6df224993290d2fc50aa5
.data 0x4a000 0x2b48 5120 501152bd01020b2bb65af7edacaf397f4e2c4a54 2fe161aa505be6a3cc2d0257c5e465db
.pdata 0x4d000 0x2940 10752 2fccc479a771e37018517f69c1db41cfd43b2f92 af55e2334c5d9dbbfda24e236104f34f
_RDATA 0x50000 0x15c 512 b3a0a1ffb4bfc1a92b8691def90dc1d6b3235acc 9504c785a51cb02a801cb7c4ded69797
.rsrc 0x51000 0x1e0 512 495435cca139895efb188cd57b7a1c606e0efdbd 39dd6e9d82d391aa81b2b90cdf997c71
.reloc 0x52000 0xa60 3072 1f3ad8c7349c784371ada2a59e701c55c6d335f6 14eef195d04598e291fac48f7a93e2f8

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x51060 381

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
WS2_32.dll
ADVAPI32.dll
PortBender.dll
KERNEL32.dll

Import functions

PE Exports 1 suspicious

Function Address
ReflectiveLoader 0x180008b10