AutoFarm.exe
First submission 2023-09-11 08:18:07
File details
| File type: | PE32+ executable (GUI) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 18112.11 KB (18546805 bytes) |
| Compile time: | 2023-09-10 17:56:23 |
| MD5: | 1f0af02e19a551873198d9e0599c9e55 |
| SHA1: | 76a505b03876c4712de4083eaeec6099ec6b73bd |
| SHA256: | f2b2c438fa653a956f4b92a39caf23bdca3371278ae463f572172c94b3ef64c4 |
| Import Hash : | 1e92fd54d65284238a0e3b74b2715062 |
| Sections 7 | .text��� .rdata�� .data��� .pdata�� _RDATA�� .rsrc��� .reloc�� |
| Directories 4 | import resource debug relocation |
| Virus Total: | 27/71 VT report date: 2023-09-10 20:12:07 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXps://cdn.discordapp.com/attachments/1150452216969310328/1150461203584385154/AutoFarm.exe  |
cdn.discordapp.com |
2023-09-11 08:18:07 |
PE Sections 1 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x28710 | 165888 | e15872f0de54a6d043e4393fbd549ea1610b0883 | e4f89af1ba6511882cb4cd14d9f6eca0 | |
| .rdata�� | 0x2a000 | 0x1282e | 76288 | 6e2f0089d57dc5f3b97a8284aeb6db71ae599006 | a0ceb36fb0805d3006f024821c7a163c | |
| .data��� | 0x3d000 | 0x103e8 | 3584 | d4c953f89fd70f37e55ba6c4ce6eebd2bc17e4db | 8197d15b5af8fff7ec6022f8809b64c8 | |
| .pdata�� | 0x4e000 | 0x20a0 | 8704 | e2a1cf46fa7fcdbc7939358c02a9de9d85500ef8 | 77e2f2d72516a8aa1832e8298e54381f | |
| _RDATA�� | 0x51000 | 0x15c | 512 | 354e5acb26cebcef4e637aaf6bae5f3a05ee3243 | 0ed86077474ad8a4a0621ecbc29cb84c | |
| .rsrc��� | 0x52000 | 0xf498 | 62976 | de01d1fdfeee73131e7f47a08c86957cd254bd13 | ac8c7cbe6626a5ff9e2bb1338d967035 | |
| .reloc�� | 0x62000 | 0x754 | 2048 | 7d1edc41fd0cf54f92d860819a4ea04e5f5c470b | 7fed9a3addc55d51107d5af5a380ab8e |
PE Resources 3
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x60a3c | 1128 | |
| RT_GROUP_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x60ea4 | 104 | |
| RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x60f0c | 1417 |
Packers detected 1
| Microsoft Visual C++ 8.0 (DLL) |
Anti debug functions 6
| GetLastError |
| IsDebuggerPresent |
| IsProcessorFeaturePresent |
| RaiseException |
| TerminateProcess |
| UnhandledExceptionFilter |
Anti debug functions 1
| Virtual Box |
Strings analysis - File found
| Compressed |
| base_library.zip |
| xbase_library.zip |
| Text |
| xpyinstaller-5.1.dist-info\COPYING.txt |
| xpyinstaller-5.1.dist-info\top_level.txt |
| xaltgraph-0.17.3.dist-info\top_level.txt |
| xpyinstaller-5.1.dist-info\entry_points.txt |
| Library |
| mscoree.dll |
| bpywintypes310.dll |
| bsqlite3.dll |
| bpython3.dll |
| bmfc140u.dll |
| GDI32.dll |
| ADVAPI32.dll |
| KERNEL32.dll |
| COMCTL32.dll |
| ucrtbase.dll |
| blibffi-7.dll |
| bpythoncom310.dll |
| bVCRUNTIME140.dll |
| bpython310.dll |
| USER32.dll |
| bVCRUNTIME140_1.dll |
| blibcrypto-1_1.dll |
| blibssl-1_1.dll |
| 6python310.dll |
Strings analysis - Possible URLs found 1
| http://schemas.microsoft.com/SMI/2016/WindowsSettings |