fu.exe

First submission 2024-02-04 15:11:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 897.0 KB (918528 bytes)
Compile time: 2024-02-04 22:54:06
MD5: 196be8ea6783facbbea8b82e1f7e016b
SHA1: 60f6920e0e3b3803fa2daee0f37a1841889e3fca
SHA256: dce8aeeac776eb8db3e73622f652eacf92047a82fc3ffc50dff92dd70faa3f0b
Import Hash: 948cc502fe9226992dce9417f952fce3
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 5 (import, resource, debug, tls, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://109.107.182.3/cost/fu.exe 109.107.182.3 2024-02-04 15:11:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x9ab1d 633856 25c1457c129ee77c0aaf98beb58f3526677687d4 0a1473f3064dcbc32ef93c5c8a90f3a6
.rdata 0x9c000 0x2fb82 195584 dd2c684a16b3f370a7c66588627005befd670b80 c9cf2468b60bf4f80f136ed54b3989fb
.data 0xcc000 0x706c 18432 b958d08b90b56aff3f2e0d6daf36b91c8f31ca4c 53b9025d545d65e23295e30afdbd16d9
.rsrc 0xd4000 0x9918 39424 4653332c5a455f676596d2a49478b7cc4464144d 2ff160b13d07def28227d5a3855b6f25
.reloc 0xde000 0x7594 30208 359f6b9001cbad77104e5ed741f6d8024a1e6ffd c68ee8931a32d45eb82dc450ee40efc3

PE Resources 7

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xda038 1128
RT_MENU LANG_ENGLISH SUBLANG_ENGLISH_UK 0xda4a0 80
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_UK 0xdc660 344
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0xdc7b8 3038
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xdd438 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_UK 0xdd44c 220
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_UK 0xdd528 1007

Meta infos 1

Translation: 0x0809 0x04b0

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 12

FindWindowExW
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
KERNEL32.dll
api-ms-win-core-synch-l1-2-0.dll
mscoree.dll
UxTheme.dll
SHELL32.dll
WININET.dll
OLEAUT32.dll
USER32.dll
VERSION.dll
PSAPI.DLL
USERENV.dll
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
MPR.dll
WINMM.dll
IPHLPAPI.DLL
GDI32.dll
WSOCK32.dll

Strings analysis - Possible IPs found 1

255.255.255.255

Import functions

Name Latest seen MD5
expliitttfile.exe 2024-01-11 03:51:02 904e1bf7f9e4eeb922aae0511b0a0b45
exploittttt.exe 2024-01-12 14:32:03 48c2a0d1afe9e00ef29b2fc7b45aa971
packedtpodododod.exe 2024-01-17 15:55:01 f520439484a0e8c8c6e67cf92991f966
go.exe 2024-01-20 16:30:02 adc17794c63f89893be08e014015ffef
networ.exe 2024-01-21 17:25:02 c3ef21d71376ba0be4233fc7896c180e
networa.exe 2024-01-27 05:42:01 96183ce51c4b468401f99d911d02659e
ko.exe 2024-01-27 09:22:02 eaec652963be815d68fe09022bf5d383
no.exe 2024-02-01 11:01:02 9fd48d86590604dde5b405ea765d7e31
fu.exe 2024-02-06 12:41:03 724c9844ee104ff1612e193200e643cf