LM.exe

First submission 2024-02-08 08:22:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 578.5 KB (592384 bytes)
Compile time: 2024-02-03 22:25:49
MD5: 196921b3788eac48b29d5ce802ff8e27
SHA1: ffc40d6063534e089c897e0baa7116da68b5a4b9
SHA256: 4059f68b4493074e4baa8129a4d60e6f8c7a01f67b9ba74e10e7a7464d5c6aa9
Import Hash: 31caab6c07bdd9ba8a35c1b9e5e79f14
Sections: 4 (.text, .rdata, .data, .reloc)
Directories: 2 (import, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://5.42.67.14/12re/St/LM.exe 5.42.67.14 2024-02-08 08:22:04

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x621a9 401920 a586f4ae02ad6e78febf8ad5788a19a41330e778 d33831f282d08413697272db65dbf523
.rdata 0x64000 0x153e 5632 aecc4866a7bf9c5c167954fe578eeb75e8c9f99c 1adedd8aff8685d7c7c81fa224664288
.data 0x66000 0x1b4e0 107520 35dc48db75d86a03858d665068a31709dbcd961c 105ae194efc7f314c3cb3af7410834b6
.reloc 0x82000 0x12838 76288 5fe8a40a1d71dd4f41fcbfc937ebc09e9b57c5c5 ef4bcf3cce8ab022cba14de116a0bdbd

Packers detected 1

Borland Delphi v6.0 KOL

Strings analysis - File found

Library
USER32.dll
GDI32.dll
KERNEL32.dll

Import functions