plaza.exe

First submission 2024-02-08 03:43:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1171.0 KB (1199104 bytes)
Compile time: 2024-02-06 18:33:24
MD5: 1ff26dda5fc75cd7bc1f05ea538bde0f
SHA1: e7c9e6cd2d9a48154920001c4e7abd4c39ffa43a
SHA256: f5e9fbd5e21af911631990625f0f1abf0b7d8cd0ea7ae635767bfa069ad60123
Import Hash : 5ab723dc8d5af21b79dc301ed6a56a64
Sections: 8 (named sections: .rsrc, .data)
Directories: 4 (import, resource, debug, relocation)
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://109.107.182.3/mine/plaza.exe | 109.107.182.3 | 2024-02-08 03:43:03

PE Sections 7 suspicious

Name | VAddress | VSize | Size | SHA1 | MD5
(no name) | 0x1000 | 0x10b000 | 472064 | 8460db270d8249abd150da1c59d6c36280d67ff5 | 85945f4df77c300db685b8cafcb2a07f
(no name) | 0x10c000 | 0x27000 | 74240 | f590372f19f82a62b1a3aea3bb5b2e2421933a34 | 46a9a939a0eff386b5e57dc73878ea75
(no name) | 0x133000 | 0x4000 | 2048 | 91bf2f148d4eeb0da1659e1c423a75c0cd16de7e | 5f9659f27274698eb020d46f54047540
(no name) | 0x137000 | 0x5000 | 3584 | fa135b37db6b9a7ec1b61d2982f0e1ff928dd5da | af15993ac295024fb8010ac36e51f40b
(no name) | 0x13c000 | 0x9000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e
.rsrc | 0x145000 | 0x1000 | 1024 | 153489423f867fbc78f13e09f456137e1fa83624 | 0bedeb0b2af0b65b8680ee7ac86a1a38
(no name) | 0x146000 | 0x2fd000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e
.data | 0x443000 | 0x9e000 | 645120 | 78fede2b6aafd7104830bc9ad6e5f467f6b42925 | 475aee675c2fe2a86e9c6238f1552732

PE Resources 4

Name | Language | Sublanguage | Offset | Size
RT_ICON | LANG_RUSSIAN | SUBLANG_RUSSIAN | 0x138938 | 9640
RT_GROUP_ICON | LANG_RUSSIAN | SUBLANG_RUSSIAN | 0x13aee0 | 48
RT_VERSION | LANG_RUSSIAN | SUBLANG_RUSSIAN | 0x137190 | 664
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x145190 | 381

Packers detected 1

ASPack 1.02b or 1.08.03

Strings analysis - File found

Library
Crypt32.dll
SHLWAPI.dll
USER32.dll
ntdll.dll
ole32.dll
ADVAPI32.dll
SETUPAPI.dll
gdiplus.dll
KERNEL32.dll
OLEAUT32.dll
GDI32.dll
SHELL32.dll
VERSION.dll
WS2_32.dll

Import functions

Name | Latest seen | MD5
face.exe | 2024-01-22 08:27:02 | 4b95a8bfbde9941cb0bb3384011d396c
rback.exe | 2024-01-23 11:45:02 | 42224cf9fb760ca693c654ac705044c5
stan.exe | 2024-01-24 11:44:02 | 49329694b17e0ce93181901d839772c8
rave.exe | 2024-01-24 11:45:02 | baf85abe2541a78fa4522d571481114e
rost.exe | 2024-01-26 00:41:02 | 03135ee6d7c5c029982e63d36d368267
rost.exe | 2024-01-26 00:43:02 | 2f9214f932a930a4cdff2b48a3a8eded
venom.exe | 2024-01-27 23:29:02 | 50d2c23b2246cc8f3d2542e4fa8b2cf9
plata.exe | 2024-01-28 05:27:02 | 44970eb6e354cb8609d7c85cdcbcceb8
vinu.exe | 2024-01-28 15:11:02 | f305f7b6dea863c2a43178d629db4781
donat.exe | 2024-01-28 18:24:02 | f4198806e182101396525fd4bc72692e
plana.exe | 2024-02-04 13:10:04 | 7b0e45f57d7b98f3f5c0837019e39476