0a839761915d.exe

First submission 2024-10-12 07:17:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 577.89 KB (591760 bytes)
Compile time: 2024-10-12 07:13:19
MD5: 187644d694ad66289799d5a28f682b10
SHA1: 05c0efd3cf9c2bf3cb439eae81654d7ce73af74b
SHA256: 7b8b18d1452322b7f6393fc003dea6f2ad2dfd7847f2dd90da320961ea12b848
Import Hash: 2bf5d9e2e4bbff197e62f5db8f2f3336
Sections 5 .text .rdata .data .reloc .rsrc
Directories 5 import resource debug relocation security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://app.rtpdgox.info/css/0a839761915d.exe app.rtpdgox.info 2024-10-12 07:17:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2116b 135680 50ff03d7e6ddf6b7783f26d7da98f6a354ee9cae f4b07f9a350d71eb56ee5adc3b9a2516
.rdata 0x23000 0xa004 41472 3a341524f1e31536a50bb12c299fc5453ea26b6e 944e0918d8f0a3b69db49f4c3a021cb6
.data 0x2e000 0x5a364 365568 e816497e4f45220cc5e8dc205762b6fa8ed2a33e 1f3ccce6bcbf97353abc8a1d9a6623a8
.reloc 0x89000 0x1c00 7168 41f0d225e954e4f6ae98d219f869568e5866788d 278efdd542b98270cad925e1dadd9222
.rsrc 0x8b000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
5e5176873ccfe2eac091c89f1f4d84bf 17cddeb5c426cd6a3a50e937bd0f5d487308bf31 20168 571592

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Strings analysis - Possible URLs found 14


Import functions