884039ab697c811a11dc4e3cc03bea9c3fb7e8dbfe0b0722318ce9cc456e4a82.exe.exe
First submission 2024-09-28 23:46:03
File details
File type: | PE32+ executable (DLL) (console) x86-64, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 310.0 KB (317440 bytes) |
Compile time: | 2023-07-31 14:37:40 |
MD5: | 17fb69181d1a92988f6a56b46578f808 |
SHA1: | 5c50035f586e7acae8d5a1f9fbd85ee4970454f4 |
SHA256: | 884039ab697c811a11dc4e3cc03bea9c3fb7e8dbfe0b0722318ce9cc456e4a82 |
Import Hash: | c7c3f76abd9c377a5c8cdbb66e53c501 |
Sections 7 | .text .rdata .data .pdata _RDATA .rsrc .reloc |
Directories 5 | import export resource debug relocation |
URLs, FQDN and IP indicators 1
PE Sections 0 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x32ec0 | 208896 | 2536688185600637aa02f70bd4be7c654ecae796 | 9023ccee2c4f0aedfb59b3e944a6d5de | |
.rdata | 0x34000 | 0x15440 | 87552 | bb30e69e35938dd2181fc1d7165f8d481be9bc17 | c35f5a03f8c6df224993290d2fc50aa5 | |
.data | 0x4a000 | 0x2b48 | 5120 | 501152bd01020b2bb65af7edacaf397f4e2c4a54 | 2fe161aa505be6a3cc2d0257c5e465db | |
.pdata | 0x4d000 | 0x2940 | 10752 | 2fccc479a771e37018517f69c1db41cfd43b2f92 | af55e2334c5d9dbbfda24e236104f34f | |
_RDATA | 0x50000 | 0x15c | 512 | b3a0a1ffb4bfc1a92b8691def90dc1d6b3235acc | 9504c785a51cb02a801cb7c4ded69797 | |
.rsrc | 0x51000 | 0x1e0 | 512 | 495435cca139895efb188cd57b7a1c606e0efdbd | 39dd6e9d82d391aa81b2b90cdf997c71 | |
.reloc | 0x52000 | 0xa60 | 3072 | 1f3ad8c7349c784371ada2a59e701c55c6d335f6 | 14eef195d04598e291fac48f7a93e2f8 | |
PE Resources 1
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x51060 | 381 | |
Anti debug functions 6
GetLastError |
IsDebuggerPresent |
IsProcessorFeaturePresent |
RaiseException |
TerminateProcess |
UnhandledExceptionFilter |
Strings analysis - File found
Library |
mscoree.dll |
WS2_32.dll |
ADVAPI32.dll |
PortBender.dll |
KERNEL32.dll |
Import functions
PE Exports 1 suspicious
Function | Address |
---|---|
ReflectiveLoader | 0x180008b10 |