5d6d5729c77f83d2a011f8dfedb3b9e5a3fb191d7582e6f9d108a0490689274d.exe.exe

First submission 2024-09-30 16:37:07

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 2600.83 KB (2663255 bytes)
Compile time: 2019-08-25 15:02:36
MD5: 1eed7c1162a4e94c251a6431b76f7fbb
SHA1: 1d026ae91884bffe2f357f8edee3b386d53013e2
SHA256: 5d6d5729c77f83d2a011f8dfedb3b9e5a3fb191d7582e6f9d108a0490689274d
Import Hash: 0b55292e4ddb3fff8d279e2430c61f14
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 2 (import, resource)

File features detected

Is DLL (contradicted by the file type above, which reports a PE32 GUI executable; check the IMAGE_FILE_DLL bit in the COFF characteristics before relying on this flag)
Packers (see "Packers detected" below: the only hits are Microsoft Visual C++ 8 compiler signatures)
Anti Debug
Anti VM
Signed (not corroborated by this report: the data directories listed above are import and resource only, with no certificate table)
XOR

OSINT Enrichments

VirusTotal: 60/77 engines flagged the sample; VT report date: 2024-09-30 01:30:49
Malware Type (3): trojan, downloader, pua
Threat Type (3): doina, hupigon, malgent

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://140.83.50.60:8001/cry/5d6d5729c77f83d2a011f8dfedb3b9e5a3fb191d7582e6f9d108a0490689274d.exe.exe | 140.83.50.60 | 2024-09-30 16:37:07

PE Sections 0 suspicious

Name | VAddress | VSize | Size (raw, bytes) | SHA1 | MD5 | Suspicious
.text | 0x1000 | 0x58e97 | 364544 | ad761e7fbc0ab2f444bbf5d81ccec739698769d9 | 0f43a4e7155b644b01995ca5d222f8bc | no
.rdata | 0x5a000 | 0x17f8a | 98304 | e56c995695defc072fea8d631cd7b6a7c9733787 | 2b357e98d8650f891549cd7d84094b16 | no
.data | 0x72000 | 0x13fe0 | 12288 | e066ef9758dcf3a3388cc0d043f154d84c268ebc | b9df37f8e4b6cc27b83b9a118a6c36d2 | no
.rsrc | 0x86000 | 0x215dbd | 2186752 | 1abc28b8a0a7568e26cb8f03a181ab33a4e506fb | 8f75f1f82f385252122bc8f860c61751 | no
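The section table above is what a packer judgement and the "Is DLL" flag should rest on: .rsrc alone holds 2186752 of the file's 2663255 bytes, and .data maps 0x13fe0 bytes of virtual space from only 12288 raw bytes. As an added example (not part of this report or of the tooling that produced it), the following Python parses a PE's COFF header and section table with the standard library only, reads the IMAGE_FILE_DLL characteristic that "Is DLL" is supposed to reflect, and scores each section by Shannon entropy and raw-to-virtual size ratio. The sample itself is not available offline, so the block constructs a small, non-loadable PE image in memory; its section names, contents and the 0x0102 / 0x2102 characteristics values are assumptions made for the demonstration.

```python
"""Added example: standard-library PE section/characteristics parser.
Not taken from the report; the PE image built below is constructed."""
import math
import struct

IMAGE_FILE_DLL = 0x2000          # COFF Characteristics bit set on DLL images
IMAGE_FILE_MACHINE_I386 = 0x14C  # "Intel 80386" in the report's file type line


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, 8.0 for uniform bytes.
    A whole section near 8.0 usually means compressed or encrypted content,
    the classic sign of a run-time packer."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsect, _stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", image, coff)
    table = coff + 20 + opt_size   # section headers follow the optional header
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr,
            "vsize": vsize,
            "rawsize": rawsize,
            "entropy": shannon_entropy(raw),
            # far less raw than virtual data = mostly uninitialised (.bss-like)
            # or a region the code fills at run time; worth a look either way
            "raw_to_virtual": rawsize / vsize if vsize else 0.0,
        })
    return {
        "machine": machine,
        "characteristics": chars,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": sections,
    }


def suspicious_sections(pe: dict, threshold: float = 7.0) -> list:
    """Section names whose entropy is at or above the packing threshold."""
    return [s["name"] for s in pe["sections"] if s["entropy"] >= threshold]


def build_sample_pe(sections, characteristics: int) -> bytes:
    """CONSTRUCTED test image: DOS header, PE signature, COFF header with an
    empty optional header, section table and raw section data. Windows would
    not load it; it exists only to exercise the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections),
                       0, 0, 0, 0, characteristics)
    headers = 0x40 + 4 + 20 + 40 * len(sections)
    table, data, vaddr = b"", b"", 0x1000
    for name, blob, vsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(blob), headers + len(data), 0, 0, 0, 0, 0x60000020)
        data += blob
        vaddr += (vsize + 0xFFF) & ~0xFFF              # next 4 KiB-aligned RVA
    return bytes(dos) + b"PE\0\0" + coff + table + data


# Constructed sample: one uniform-byte section (entropy exactly 8.0), one
# all-zero section with a large virtual size, one low-entropy section.
SAMPLE_PE = build_sample_pe([
    (b".text", bytes(range(256)) * 16, 0x1000),
    (b".data", b"\0" * 512, 0x13FE0),
    (b".rsrc", b"ABCD" * 1024, 0x1000),
], characteristics=0x0102)   # EXECUTABLE_IMAGE | 32BIT_MACHINE, DLL bit clear

if __name__ == "__main__":
    pe = parse_pe(SAMPLE_PE)
    print("is_dll:", pe["is_dll"], "high-entropy:", suspicious_sections(pe))
    for s in pe["sections"]:
        print(f'{s["name"]:<8} vsize=0x{s["vsize"]:x} raw={s["rawsize"]} '
              f'entropy={s["entropy"]:.2f} raw/virt={s["raw_to_virtual"]:.3f}')
```

Run against a real file with `parse_pe(open(path, "rb").read())`; an `is_dll` result that disagrees with the "Is DLL" flag, or a `.rsrc` section with high entropy and most of the file's bytes, is the kind of discrepancy the flags above cannot show on their own.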

PE Resources 11

Name | Language | Sublanguage | Offset | Size (bytes)
DLL (custom resource type) | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x101050 | 45056
RT_CURSOR | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x10de88 | 308
RT_BITMAP | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x29623c | 324
RT_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x29a088 | 296
RT_MENU | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x29a1b0 | 70
RT_DIALOG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x29acd0 | 52
RT_STRING | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x29b6bc | 48
RT_GROUP_CURSOR | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x29b828 | 20
RT_GROUP_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x29b894 | 20
RT_VERSION | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x29b8a8 | 944
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x29bc58 | 357

Meta infos 13

LegalCopyright: Copy Right (C) RXJH2 2008-2020
InternalName: 热血江湖
FileVersion: 2, 1, 7, 0
FileDescription: 热血江湖
SpecialBuild: yuuxia@gmail.com
CompanyName: 1234rxjh.COM
LegalTrademarks: 热血江湖
Comments: yuuxia@gmail.com
ProductName: 热血江湖
ProductVersion: 2, 1, 7, 0
PrivateBuild: yuuxia@gmail.com
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese, Simplified; code page 0x04b0 = Unicode)
OriginalFilename: 热血江湖.EXE

The raw dump shows the name fields as the UTF-16 escape sequence \x70ed\x8840\x6c5f\x6e56, which decodes to 热血江湖 (Rexue Jianghu, the Chinese name of the MMORPG whose pinyin initials appear as "RXJH" in the copyright line and in the rxjh_*.log file names below).

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Both hits are compiler/linker signatures for Microsoft Visual C++ 8 (Visual Studio 2005), not packers; together with the standard .text/.rdata/.data/.rsrc layout above, this report shows no evidence of a run-time packer despite the "Packers" feature flag.

Anti debug functions 8 (imported API names matched against an anti-debug signature list; GetLastError, RaiseException, TerminateProcess and UnhandledExceptionFilter are also ordinary MSVC runtime imports, so on their own only IsDebuggerPresent and the Process32First/Process32Next process enumeration carry weight)

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
Process32First
Process32Next
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti VM tricks 3 (the raw dump repeated the "Anti debug functions" heading here; these three entries are the anti-VM signature hits behind the "Anti VM" feature flag above)

Virtual Box
VMware trick
VMCheck.dll

Strings analysis - File found

Log
%s\rxjh_%s.log
client\rxjh_Error.log
Object
hhctrl.ocx
Data
client\VSvolume3.dat
Text
pause.txt
Log.txt
.\pause.txt
client\pause.txt
client\rxjhlog.txt
/FileList.txt
Library
CoreBpl.dll
KERNEL32.dll
WUSER32.DLL
mscoree.dll
ekernel32.dll
mfcm90.dll
MSVCRT.dll
ADVAPI32.dll
SHELL32.dll
yb_test.dll
rxbb.dll
WINMM.dll
OLEAUT32.dll
USER32.dll
oledlg.dll
LoadLibrary iphlpapi.dll
yb_key.dll
LoadLibrary KERNEL32.dll
yb_mem.dll
ntdll.dll
COMDLG32.dll
ICMP.DLL
.\client\yb_mem.dll
PSAPI.DLL
WS2_32.dll
SHLWAPI.dll
\client\Kilos.dll
python24.dll
urlmon.dll
COMCTL32.dll
CloseProcessDEP() LoadLibrary ntdll.dll
.\client\yb_key.dll
OLEACC.dll
LoadLibrary ntdll.dll
msi.dll
MFC42.DLL
WININET.dll
NETAPI32.dll
IPHLPAPI.DLL
ole32.dll
LoadLibraryA ADVAPI32.dll
GDI32.dll
LoadLibrary USER32.dll
%s%s.dll
WSOCK32.dll

Strings analysis - Possible IPs found 21 (address-like strings extracted from the binary, not observed connections; the download host 140.83.50.60 from the indicator table above is not among them)

58.215.115.59
219.153.54.200
59.42.248.238
219.153.54.71
218.25.104.71
218.25.57.22
218.61.14.71
218.30.83.200
125.76.240.200
218.25.75.71
221.236.28.80
58.215.115.58
218.25.57.200
218.25.104.200
221.236.20.202
125.76.240.71
218.30.83.71
218.25.75.200
59.42.248.207
218.61.14.200
61.129.58.193

Strings analysis - Possible URLs found 7

file://
http://
http://www.baidu.com:89/client.exe
https://
http://up.86jh.com:999/
http://www.baidu.com:89/login.exe
https://www.rxjh4.com/
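The two lists above are raw regex hits over the binary's strings: "http://", "https://" and "file://" are scheme fragments rather than indicators, and a dotted quad such as a version number passes the same regex an address does. As an added example (not part of this report), the following Python turns such a dump into reviewable indicators: it parses URLs (accepting the hXXp defanging used in the indicator table and re-applying it on output), drops scheme-only fragments, records host and port, and classifies address-like strings as public or non-routable while keeping the source line for review. The input list is constructed from the report's own values plus a few negatives; the helper names are assumptions, not tooling the report used.

```python
"""Added example: indicator extraction from a strings dump.
Not part of the report; SAMPLE_STRINGS is constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

# Accepts live (http) and already-defanged (hxxp) schemes so the report's own
# indicator table can be fed back in.
URL_RE = re.compile(r"\b(?:h(?:tt|xx)ps?|ftp|file)://[^\s\"'<>]+", re.IGNORECASE)
IPV4_RE = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?![\d.])")


def refang(url: str) -> str:
    """hXXp:// -> http:// (and hXXps -> https) so urlsplit can parse it."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def bracket_dots(s: str) -> str:
    """Defang a host or IP by bracketing every dot."""
    return s.replace(".", "[.]")


def defang_url(url: str) -> str:
    """hXXp scheme and bracketed dots in the host part only; path untouched."""
    p = urlsplit(refang(url))
    scheme = p.scheme.replace("http", "hXXp")
    tail = p.path + (f"?{p.query}" if p.query else "")
    return f"{scheme}://{bracket_dots(p.netloc)}{tail}"


def classify_ip(ip: str) -> str:
    """'public' or 'non-routable'; raises ValueError for octets > 255."""
    a = ipaddress.ip_address(ip)
    if (a.is_private or a.is_loopback or a.is_link_local
            or a.is_multicast or a.is_reserved or a.is_unspecified):
        return "non-routable"
    return "public"


def extract_indicators(lines) -> dict:
    """Return {'urls': [...], 'ips': {ip: {'class', 'line'}}}. The source line
    is kept because a version string such as 2.1.7.0 survives every syntactic
    check and only its context tells it apart from an address."""
    urls, ips = [], {}
    for line in lines:
        for m in URL_RE.finditer(line):
            url = refang(m.group(0).rstrip(".,;)"))
            p = urlsplit(url)
            if not p.netloc:            # scheme-only or host-less fragment
                continue
            try:
                port = p.port
            except ValueError:          # e.g. "host:abc"
                port = None
            urls.append({"url": url, "host": p.hostname, "port": port,
                         "defanged": defang_url(url), "line": line})
        for m in IPV4_RE.finditer(line):
            ip = m.group(1)
            try:
                cls = classify_ip(ip)
            except ValueError:          # 192.168.1.300 and the like
                continue
            ips.setdefault(ip, {"class": cls, "line": line})
    return {"urls": urls, "ips": ips}


SAMPLE_STRINGS = [   # constructed from the report's values plus negatives
    "hXXp://140.83.50.60:8001/cry/5d6d5729c77f83d2a011f8dfedb3b9e5a3fb191d7582e6f9d108a0490689274d.exe.exe",
    "http://www.baidu.com:89/client.exe",
    "http://up.86jh.com:999/",
    "https://www.rxjh4.com/",
    "http://",                 # scheme-only fragment from the URL list
    "file://",
    "58.215.115.59",
    "127.0.0.1",               # constructed: loopback, not an external indicator
    "192.168.1.300",           # constructed: not a valid address at all
    "FileVersion 2.1.7.0",     # constructed: version string shaped like an IP
]

if __name__ == "__main__":
    result = extract_indicators(SAMPLE_STRINGS)
    for u in result["urls"]:
        print(f'{u["defanged"]}  host={u["host"]} port={u["port"]}')
    for ip, info in result["ips"].items():
        print(f'{bracket_dots(ip):<22} {info["class"]:<13} <- {info["line"]}')
```

Feed it the real strings output (one string per list element) and review the `public` addresses against the source line before treating any of them as a network indicator; a `.0` last octet next to the word "Version" is a version number, not a host.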

Import functions