66d60cd3ce002_SeparatelyDied.exe#sun

First submission 2024-09-04 16:31:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1719.29 KB (1760552 bytes)
Compile time: 2012-02-24 20:19:43
MD5: 1959ce1e98b798963f8b7d04bfb71e69
SHA1: 3f2fb337ca2f2686e55b985e1f4020e2273bc5a8
SHA256: d480b6efcf1ccdc3a7cf4c1d22839e27e9701758b19c0a197b049b66bdcfe870
Import Hash: be41bf7b8cc010b614bd36bbca606973
Sections (6): .text, .rdata, .data, .ndata, .rsrc, .reloc
Directories (4): import, resource, relocation, security

File features detected

Is DLL (note: the file type above is PE32 executable (GUI), not a DLL)
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 19/79, VT report date: 2024-09-04 16:14:18
Malware Type (1): trojan
Threat Type (3): autoit, iausi, nekark

URLs, FQDN and IP indicators (1)

URL                                                              Host (FQDN/IP)  Date Added
hXXp://147.45.44.104/yuop/66d60cd3ce002_SeparatelyDied.exe#sun   147.45.44.104   2024-09-04 16:31:02

PE Sections (6 listed; report counts 1 suspicious)

Name    VAddress  VSize     Size    SHA1                                      MD5
.text   0x1000    0x6f1c    28672   189dda88a6c847f2561d302faa3a43c92aef4329  64fef99d80ead9051b6e85267342c734
.rdata  0x8000    0x2a62    11264   05985b7f60a664d2595e9406ae3b208c97597bbc  07990aaa54c3bc638bb87a87f3fb13e3
.data   0xb000    0x3e66dc  512     03dcf00e29427359059c911b4ef21794fc8e9237  f8e9fc8c226177087968ccda63fbab7d
.ndata  0x3f2000  0x81000   0       da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.rsrc   0x473000  0x4f1ea   324096  c888272a9561758a7984a05770d4c276116546d9  361dd9783855475744db8e0ff6d5a150
.reloc  0x4c3000  0x320e    13312   39fa011227159a3117325bae67ac52257b018ddb  8ade335117f44023e06c59fe5dda0cab

The Suspicious column is empty for every row in the exported table, so the flagged section cannot be identified from it. Two rows merit attention regardless: .ndata has a raw size of 0 and its SHA1/MD5 (da39a3ee..., d41d8cd9...) are the digests of empty input, and .data maps 0x3e66dc (4,089,564) bytes of virtual space from only 512 raw bytes. Raw section data totals 377,856 bytes of the 1,760,552-byte file; the remainder is overlay plus the signature block (see Packers detected and File signature).

PE Resources (4)

Name           Language      Sublanguage         Offset    Size
RT_ICON        LANG_ENGLISH  SUBLANG_ENGLISH_US  0x4a12e8  73924
RT_DIALOG      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x4b35c8  96
RT_GROUP_ICON  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x4b3628  146
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US  0x4b36bc  726

Packers detected (1)

Nullsoft PiMP Stub -> SFX
This is the NSIS installer stub. The section table holds only the stub itself; the compressed installer payload (script and dropped files) is stored in the overlay after the last section, and 7-Zip can list and extract it (7z l / 7z x on the sample).

Anti debug functions (2)

FindWindowExW
GetLastError
Both are ordinary Win32 imports that the NSIS stub uses for its own dialogs and error handling, so on their own they are a weak anti-debug signal.

File signature

MD5                               SHA1                                      Block size  File offset
f1e2d7af268b5e1b60401c96fa8862b3  ec3571cccb8be3de5952981386fbf430fa851fe1  20744       1739808
The "Virtual Address" of the security directory (IMAGE_DIRECTORY_ENTRY_SECURITY) is a raw file offset, not an RVA. 1739808 + 20744 = 1760552, exactly the file size, so the Authenticode block is the last thing in the file. The DigiCert URLs listed under Strings analysis come from the certificate chain inside this block.
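As an added example, not output of the analysis platform, the following Python re-checks the section table and the signature block from the values printed above: which sections deserve a look, whether the in-memory layout is contiguous, and whether the signature block really is the file tail. PAGE_ALIGN is an assumed SectionAlignment, since the report does not list it; nothing here reads the sample itself.

```python
"""Sanity checks over the section table and signature block of this report.
Added example: the numbers are typed in from the report's tables, nothing is
read from the sample itself."""
import hashlib

FILE_SIZE = 1760552      # from File details
PAGE_ALIGN = 0x1000      # assumed SectionAlignment (not listed in the report)

# (name, VAddress, VSize, raw Size, SHA1, MD5) exactly as printed above
SECTIONS = [
    (".text",  0x1000,   0x6f1c,   28672,  "189dda88a6c847f2561d302faa3a43c92aef4329", "64fef99d80ead9051b6e85267342c734"),
    (".rdata", 0x8000,   0x2a62,   11264,  "05985b7f60a664d2595e9406ae3b208c97597bbc", "07990aaa54c3bc638bb87a87f3fb13e3"),
    (".data",  0xb000,   0x3e66dc, 512,    "03dcf00e29427359059c911b4ef21794fc8e9237", "f8e9fc8c226177087968ccda63fbab7d"),
    (".ndata", 0x3f2000, 0x81000,  0,      "da39a3ee5e6b4b0d3255bfef95601890afd80709", "d41d8cd98f00b204e9800998ecf8427e"),
    (".rsrc",  0x473000, 0x4f1ea,  324096, "c888272a9561758a7984a05770d4c276116546d9", "361dd9783855475744db8e0ff6d5a150"),
    (".reloc", 0x4c3000, 0x320e,   13312,  "39fa011227159a3117325bae67ac52257b018ddb", "8ade335117f44023e06c59fe5dda0cab"),
]

# IMAGE_DIRECTORY_ENTRY_SECURITY from the File signature block: the
# "VirtualAddress" of this directory is a raw file offset, not an RVA
SIG_OFFSET = 1739808
SIG_SIZE = 20744

EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()
EMPTY_MD5 = hashlib.md5(b"").hexdigest()


def align_up(value, alignment):
    return (value + alignment - 1) & ~(alignment - 1)


def section_findings(sections=SECTIONS):
    """Map section name -> reasons an analyst should look at it."""
    findings = {}
    for name, _va, vsize, raw, sha1, md5 in sections:
        reasons = []
        if raw == 0 and vsize:
            reasons.append("no raw data: uninitialised (BSS-style) section")
        elif raw and vsize > 8 * raw:
            reasons.append(f"virtual size {vsize:#x} dwarfs raw size {raw:#x}")
        if sha1 == EMPTY_SHA1 or md5 == EMPTY_MD5:
            reasons.append("hash is the empty-input digest: nothing was hashed")
        if reasons:
            findings[name] = reasons
    return findings


def layout_is_contiguous(sections=SECTIONS, alignment=PAGE_ALIGN):
    """True when every section starts exactly where the previous one ends after
    rounding its VSize up to SectionAlignment, i.e. no hidden gaps in memory."""
    for cur, nxt in zip(sections, sections[1:]):
        if cur[1] + align_up(cur[2], alignment) != nxt[1]:
            return False
    return True


def raw_section_bytes(sections=SECTIONS):
    return sum(s[3] for s in sections)


def signature_is_file_tail(offset=SIG_OFFSET, size=SIG_SIZE, file_size=FILE_SIZE):
    """Authenticode appends its PKCS#7 blob last and excludes it from the signed
    hash, so offset + size should land exactly on the end of the file."""
    return offset + size == file_size


def overlay_upper_bound(sections=SECTIONS, sig_offset=SIG_OFFSET):
    """Bytes between the section data and the signature block. The exact overlay
    size also needs the PE header size, which the report omits, so this is an
    upper bound on the NSIS payload stored after the last section."""
    return sig_offset - raw_section_bytes(sections)


if __name__ == "__main__":
    for name, reasons in section_findings().items():
        print(name, "->", "; ".join(reasons))
    print("contiguous layout:", layout_is_contiguous())
    print("signature is file tail:", signature_is_file_tail())
    print("overlay upper bound:", overlay_upper_bound(), "bytes")
```

The empty-digest check is the quickest way to spot a row that was never actually hashed, and the tail check is what you would repeat after any modification of the sample: bytes appended past the security directory are outside the signed hash and break nothing in the signature.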

Strings analysis - Files found

Log: install.log
Temporary: ~nsu.tmp
Registry: &'.reG
Library: ADVAPI32.dll, SHELL32.dll, USER32.dll, KERNEL32.dll, VERSION.dll, COMCTL32.dll, PSAPI.DLL, ole32.dll, GDI32.dll

Strings analysis - Possible URLs found (15)

None of these is a network indicator. The nsis.sf.net string is compiled into every NSIS stub, and the DigiCert entries are AIA, CRL, OCSP and CPS URLs from the certificate chain in the Authenticode block. The trailing "0", "0C", "0A", "0S", "0E", "0X" and "0\" are not part of the URLs: in DER the next element after the URL is a SEQUENCE, whose tag 0x30 is ASCII "0", and when its length byte is also printable the strings extractor glues both onto the URL.

http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
http://ocsp.digicert.com0C
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
http://ocsp.digicert.com0A
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://www.digicert.com/CPS0
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
http://nsis.sf.net/NSIS_Error
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://ocsp.digicert.com0\
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://ocsp.digicert.com0X
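As an added example, not part of the report, the Python below sorts the URL strings above into certificate-chain residue, NSIS built-ins and actual network indicators, stripping the DER residue and refanging the hXXp indicator from the table above on the way. The input lists are the strings as printed on this page; CA_INFRA_SUFFIXES is an assumed allow-list for this signer.

```python
"""Separate true network indicators from certificate-chain residue in the
extracted URL strings. Added example; the input lists are the strings as
printed in this report, and CA_INFRA_SUFFIXES is an assumed allow-list."""
import re
from urllib.parse import urlsplit

# The 15 strings under "Possible URLs found", verbatim (residue included)
RAW_URLS = [
    "http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0",
    "http://ocsp.digicert.com0C",
    "http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0",
    "http://ocsp.digicert.com0A",
    "http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0",
    "http://www.digicert.com/CPS0",
    "http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S",
    "http://nsis.sf.net/NSIS_Error",
    "http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C",
    "http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0",
    "http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E",
    "http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0",
    "http://ocsp.digicert.com0\\",
    "http://crl3.digicert.com/DigiCertTrustedRootG4.crl0",
    "http://ocsp.digicert.com0X",
]

# The defanged download URL from the indicators table
DEFANGED_DROP_URL = "hXXp://147.45.44.104/yuop/66d60cd3ce002_SeparatelyDied.exe#sun"

# Hosts an embedded Authenticode chain legitimately points at (AIA, CRL
# distribution points, OCSP, CPS). Assumed for the example; extend per signer.
CA_INFRA_SUFFIXES = (".digicert.com",)
# Fixed string compiled into every NSIS stub
NSIS_BUILTINS = {"http://nsis.sf.net/NSIS_Error"}

# In a DER certificate the URL is followed by the next element's tag and
# length byte. SEQUENCE is 0x30, ASCII '0'; when the length byte is printable
# too (0x43 'C', 0x41 'A', 0x53 'S', 0x5c '\', 0x58 'X', 0x45 'E') the strings
# tool glues both onto the URL: "...crt0", "...com0C", "...com0\".
# Heuristic: a genuine URL that ends in "0" would lose that character as well.
_DER_RESIDUE = re.compile(r"0[^a-z0-9/.]?$")


def strip_der_residue(url):
    return _DER_RESIDUE.sub("", url)


def refang(url):
    """Undo the hXXp / [.] defanging used in the indicators table."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("[:]", ":")


def classify(raw):
    """Return (cleaned_url, kind) with kind in
    {"network-ioc", "ca-infrastructure", "nsis-builtin"}."""
    url = strip_der_residue(refang(raw))
    host = urlsplit(url).hostname or ""
    if url in NSIS_BUILTINS:
        return url, "nsis-builtin"
    if host.endswith(CA_INFRA_SUFFIXES):
        return url, "ca-infrastructure"
    return url, "network-ioc"


def triage(raw_urls):
    buckets = {"network-ioc": [], "ca-infrastructure": [], "nsis-builtin": []}
    for raw in raw_urls:
        url, kind = classify(raw)
        buckets[kind].append(url)
    return buckets


if __name__ == "__main__":
    for kind, urls in triage(RAW_URLS + [DEFANGED_DROP_URL]).items():
        print(f"{kind}: {len(urls)}")
        for u in urls:
            print("   ", u)
```

Run against the page's strings, everything lands in the certificate and NSIS buckets; only the refanged download URL from the indicators table is a network indicator. The residue regex is deliberately narrow; if a signer's chain uses a CA outside the allow-list, the URL will surface as a network indicator and can be reviewed rather than silently dropped.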

Import functions

Name                                       Latest seen          MD5
HrNQKzxJSJyBHMe.exe                        2022-09-11 14:15:10  5fd7895ad8c6f4cbafeb0877637027ad
smartsoftsignew.exe                        2024-05-31 21:25:02  66a5a529386533e25316942993772042
AdaptorOvernight.exe                       2024-07-08 12:58:05  e0d29de6e2fa7590f857f1ef825c943c
ComeDraft.exe                              2024-07-20 07:35:02  5f661bce27073f4b496277cbc2fa246d
InfluencedNervous.exe                      2024-09-01 22:05:22  1b0fe9739ef19752cb12647b6a4ba97b
PharmaciesDetection.exe                    2024-09-02 01:57:02  569720e2c07b1d34bac1366bf2b1c97a
BallsClassified.exe                        2024-07-26 23:07:02  b74b4dc696daa20dccd7f743c8c1e1a2
HostelCurves.exe                           2024-07-28 15:40:03  9512f65eed44bccd7da4ca3d8adb397d
AnneSalt.exe                               2024-08-25 13:11:02  0dac2872a9c5b21289499db3dcd2f18d
ConsiderableWinners.exe                    2024-08-25 13:24:03  a23837debdc8f0e9fce308bff036f18f
SemiconductorNot.exe                       2024-09-02 03:09:02  7adfc6a2e7a5daa59d291b6e434a59f3
NorthSperm.exe                             2024-08-27 15:01:02  ff83471ce09ebbe0da07d3001644b23c
66d08591035ef_AttachmentDaughters.exe#1    2024-08-29 17:43:02  abb713cf90e8345c0b6b79345cbdc9d6
66d0c13d2f0ed_ImpressedHub.exe             2024-08-29 21:05:02  2f5226b4116ce79afb6dcb32fa647954
66d1b31955f50_SunshineSolving.exe          2024-08-30 22:07:03  0a34380175bb4da2cce136e0cb3d3e04
updataxx3264.exe                           2024-09-03 15:34:06  0885bc5d9c2aa1895ebd5fcad13b53be
TikTokTool24.exe                           2024-09-05 09:50:04  3c0bc60ec3907224b9720d80bf799281