s1.exe

First submission 2023-09-14 23:51:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	297.5 KB (304640 bytes)
Compile time:	2023-01-17 17:50:38
MD5:	1d6a742534494f66081d5b70f44f6695
SHA1:	1bf8a9547ab90cdf0b22b6dd92b3e2abfd6ff2c2
SHA256:	9e89c31df9863bff75a294fdf1700a0a18607a0ddbf1bab54426a834c758e592
Import Hash :	85f93ec750e6f7137bb7fe5a5261ac14
Sections 4	.text .data .rsrc .reloc
Directories 4	import resource debug relocation
Virus Total:	29/71 VT report date: 2023-09-14 21:23:41

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://5.42.64.2/api/files/software/s1.exe	5.42.64.2	2023-09-14 23:51:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x3c5f6	247296	83aa76869460d14b6e028fd016ff4248d891caca	d8fa042b21833dbf85e3ec8c8f8ede6f
.data	0x3e000	0x50408	12800	531ff606888be429907d1fe5b8ed1ee0bddec97c	121824430571e5d7024efbdb8a53107c
.rsrc	0x8f000	0x86b0	34816	58bbdbe72354dcb1119850dd3a50c7931141d049	2088815cfe78c4cd4ec05bb863021008
.reloc	0x98000	0x211e	8704	fcccb1e66b743dd505038b0089394a2d6c479f3b	1897458b43c7bea6a34e74e801b5108e

PE Resources 8

Name	Language	Sublanguage	Offset	Size	Data
AFX_DIALOG_LAYOUT	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x92700	14
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x95d50	1384	PE Resource: RT_CURSOR - Data ( """>>>EEEZZZbbbhhhvvv~~~Qcv1Qq,/KPhp1Qq/!P7pLcy1Qq/Pp",6@J[1qQq/Pp =1[Qyq/"P0p=LYgx1Qq&/@PZpt1Qq/&PAp[t1Qq/P"p0>M[iy1Qq/Pp >1\Qzq/Pp!+6@IZ1pQq/ P6pLbx1Qq,/KPip1Qq/-P?pRcv1Qq/Pp!&,>X1qQq
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x921f0	1128	PE Resource: RT_ICON - Data ( }{~\|z{}\|\|~}z\|\|z{}~{~~~z{{~{{}zz\|{}~~~\|\|}z\|}z~\|~{}~\|}z{z{~z\|~}\|}{\|\|\|\|}z\|\|}}{~{{\|~\|\|~~{~~{{\|{~\|}\|{}{{~{{{~}\|\|\|~}}\|~{{~~\|}\|~\|~\|}}}}~z~{\|}}~{{\|z~zz{\|z~{\|~\|{}z\|\|~~\|\|~\|{\|\|z{~z{}}{}~z~~\|{{{{\|}{z~\|{~~z~z\|~{\|{}}z{\|}}~z}\|{{{zz~{z~{{~~}}}zz~}{}}}{}~~~z{z}{\|}~~\|{~{}}z~~~}}\|\|\|~~~{{}{}z{zz{z\|}z}\|~{~}}zz}\|{{{}\|{~~z{}\|}z~{}{}\|~}{~AAAAAAAAAAAAAAAA
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x97190	1310	PE Resource: RT_STRING - Data Begolelemuw comopusaxem Nugil xeboy fuzewilugit nisajoxo4Kofu mefulizu hefip doduge petivobukokay bejuxubibus_Jubapatodahu kunanune rowujegiwuc xamebexurog dixugula xotajobeyuhabik wusedakojeh yanowunovaxo Yuz pivexDWowowi hov levula tokubew texiwufituyupo punomevelugekap fuzokem vakNKuhuzojasi tetuwad tubilasifid kevi waciduvikec xemevisap tubiko fuwurifibedac1Xedemur goteyici gofometuhadiho xuxu tow nuverasi!Wozisi lonohufuvev fitom jopibexuMHunolos dexegu sayaboxuhaw vopag vorij ditagofihivit tipesoj xax sukivejofikobCaxarecudenil nine lovow lobamewodi sumeri zimod falopesopu sacegu durebumewonodul wetavijagafojipMukawod mucipahuw vowomus
RT_ACCELERATOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x926d0	48
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x962b8	48
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x92658	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x962e8	624	PE Resource: RT_VERSION - Data p4VS_VERSION_INFO4aStringFileInfo042231F2: FileDescriptionSilvupleZLegalCopyrightCopyright (C) 2022, Uniqum@OriginalFilenamebetshop.exeB ProductsVersion29.510.12.194 ProductNameKuihmfghiDProductionVersion82.27.62.16DVarFileInfo$Translation

Meta infos 7

LegalCopyright:	Copyright (C) 2022, Uniqum
ProductionVersion:	82.27.62.16
FileDescription:	Silvuple
Translation:	0x08bf 0x0ad5
ProductsVersion:	29.510.12.19
OriginalFilename:	betshop.exe
ProductName:	Kuihmfghi

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 1

82.27.62.16

Import functions

KERNEL32.dll 103 GDI32.dll 1 USER32.dll 12

Function	Address	Souspicious	Anti Debug
EnumResourceNamesW	0x401008
CreateFileA	0x40100c
SetThreadContext	0x401010
PeekNamedPipe	0x401014
VirtualQuery	0x401018
SetEndOfFile	0x40101c
LoadResource	0x401020
SetConsoleTextAttribute	0x401024
OpenJobObjectA	0x401028
GetLogicalDriveStringsW	0x40102c
GlobalLock	0x401030
WriteConsoleInputA	0x401034
CreateHardLinkA	0x401038
FreeEnvironmentStringsA	0x40103c
GetModuleHandleW	0x401040
GetTickCount	0x401044
GetDateFormatA	0x401048
LoadLibraryW	0x40104c
IsValidLocale	0x401050
GetFileAttributesA	0x401054
FindNextVolumeW	0x401058
ReplaceFileW	0x40105c
FileTimeToSystemTime	0x401060
IsDBCSLeadByte	0x401064
GetShortPathNameA	0x401068
GetTempFileNameW	0x40106c
ReadConsoleOutputCharacterA	0x401070
GetProcAddress	0x401074
VirtualAlloc	0x401078
BackupWrite	0x40107c
BeginUpdateResourceA	0x401080
FoldStringW	0x401084
GetModuleHandleA	0x401088
FindFirstChangeNotificationA	0x40108c
FindNextFileW	0x401090
FindFirstVolumeA	0x401094
CloseHandle	0x401098
WriteConsoleW	0x40109c
GetConsoleOutputCP	0x4010a0
WriteConsoleA	0x4010a4
GetLocaleInfoW	0x4010a8
LoadLibraryA	0x4010ac
FlushFileBuffers	0x4010b0
GetConsoleMode	0x4010b4
GetConsoleCP	0x4010b8
GetLastError	0x4010bc
InterlockedIncrement	0x4010c0
InterlockedDecrement	0x4010c4
Sleep	0x4010c8
InitializeCriticalSection	0x4010cc
DeleteCriticalSection	0x4010d0
EnterCriticalSection	0x4010d4
LeaveCriticalSection	0x4010d8
HeapFree	0x4010dc
TerminateProcess	0x4010e0
GetCurrentProcess	0x4010e4
UnhandledExceptionFilter	0x4010e8
SetUnhandledExceptionFilter	0x4010ec
IsDebuggerPresent	0x4010f0
MultiByteToWideChar	0x4010f4
GetStartupInfoW	0x4010f8
RtlUnwind	0x4010fc
RaiseException	0x401100
LCMapStringA	0x401104
WideCharToMultiByte	0x401108
LCMapStringW	0x40110c
GetCPInfo	0x401110
HeapAlloc	0x401114
HeapCreate	0x401118
VirtualFree	0x40111c
HeapReAlloc	0x401120
TlsGetValue	0x401124
TlsAlloc	0x401128
TlsSetValue	0x40112c
TlsFree	0x401130
SetLastError	0x401134
GetCurrentThreadId	0x401138
GetACP	0x40113c
GetOEMCP	0x401140
IsValidCodePage	0x401144
SetFilePointer	0x401148
ExitProcess	0x40114c
WriteFile	0x401150
GetStdHandle	0x401154
GetModuleFileNameA	0x401158
GetModuleFileNameW	0x40115c
FreeEnvironmentStringsW	0x401160
GetEnvironmentStringsW	0x401164
GetCommandLineW	0x401168
SetHandleCount	0x40116c
GetFileType	0x401170
GetStartupInfoA	0x401174
QueryPerformanceCounter	0x401178
GetCurrentProcessId	0x40117c
GetSystemTimeAsFileTime	0x401180
HeapSize	0x401184
GetUserDefaultLCID	0x401188
GetLocaleInfoA	0x40118c
EnumSystemLocalesA	0x401190
GetStringTypeA	0x401194
GetStringTypeW	0x401198
InitializeCriticalSectionAndSpinCount	0x40119c
SetStdHandle	0x4011a0

Function	Address	Souspicious	Anti Debug
GetCharWidthI	0x401000

Function	Address	Souspicious	Anti Debug
CharToOemBuffA	0x4011a8
GetMenuItemID	0x4011ac
GetKeyNameTextA	0x4011b0
GetMessageExtraInfo	0x4011b4
ChangeMenuA	0x4011b8
GetParent	0x4011bc
LoadMenuA	0x4011c0
GetClassInfoExW	0x4011c4
CopyIcon	0x4011c8
LoadBitmapW	0x4011cc
DdeQueryStringA	0x4011d0
CloseWindow	0x4011d4

Name	Latest seen	MD5
timeSync.exe	2023-09-15 00:31:02	8816dec1704461c24f7575c00f7f86d4

s1.exe

File details

File features detected

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 8

Meta infos 7

Packers detected 2

Anti debug functions 5

Strings analysis - File found

Strings analysis - Possible IPs found 1

Import functions

Related files by ImpHash 1 85f93ec750e6f7137bb7fe5a5261ac14