B.exe

First submission 2023-09-13 09:52:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 172.5 KB (176640 bytes)
Compile time: 2012-07-14 00:47:16
MD5: 1c91d91d58c62fb93b9d3a7ee6f273fc
SHA1: e93b08262bebc6c3476a54d943c6957af09a281f
SHA256: 89ee49574b483077f00317a988fe5443ee4b3b3485b2b775e411f4d0235dc8ba
Import Hash: bf5a4aa99e5b160f8521cadd6bfe73b8
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 3 (import, resource, debug)
Virus Total: 28/71 VT report date: 2023-09-13 07:25:09

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://194.180.49.211/D/B.exe 194.180.49.211 2023-09-13 09:52:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x19718 104448 0d21cac395f8e4e2c5345d08f736ac2215b34332 d9a1ec6e35bb9acfdcd62c8f2c7da89a
.rdata 0x1b000 0x6db4 28160 ac050a1809ae127615e1683adb73d87013096d10 5826801f33fc1b607aa8e942aa92e9fa
.data 0x22000 0x30c0 5632 c5c9b70d1fbe0cb0f1d48ea41ef1cd0da70d708d 2fe51a72ede820cd7cf55a77ba59b1f4
.rsrc 0x26000 0x90ac 37376 fe7f8d356ac2133bbf3385d6dc2b3948e79d2f1a be5d313fc2a24c59ec25b07d7b265043

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x2eb84 32
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x2eba4 796
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x2eec0 490

Meta infos 12

LegalCopyright: Copyright © 2023
Assembly Version: 1.0.0.0
InternalName: NNnNh887.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: NNnNh887
ProductVersion: 1.0.0.0
FileDescription: NNnNh887
Translation: 0x0000 0x04b0
OriginalFilename: NNnNh887.exe

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
USER32.dll
OLEAUT32.dll
ole32.dll

Import functions
