7f3c2473d1e6.exe

First submission 2024-10-13 06:20:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	1023.5 KB (1048064 bytes)
Compile time:	2024-10-13 06:15:12
MD5:	21b00885507b17bb51792cbac9cd7d01
SHA1:	a8263bb900d757441ee97f73666eb6a381fbead9
SHA256:	01cddc898479dccce3d215de27163673b5d5d75b2ebbdc0f679e5d044919233f
Import Hash :	285f07c66f98861b92460fa57c11d967
Sections 5	.text .rdata .data .rsrc .reloc
Directories 4	import resource debug relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://cache.ussc.org/css/7f3c2473d1e6.exe	cache.ussc.org	2024-10-13 06:20:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x87979	555520	dbda84660d85c0b6d6fd279a80ef49706a5f5964	6026dec9b53837f56707996caae5a05b
.rdata	0x89000	0x10dbc	69120	c5610415f3a0f46bc8b9026c8cfb63b403e0d75c	e7c1806676526120936976dc003a7af9
.data	0x9a000	0x6360c	401408	7d4c9bb42cb37937ef121228d87719f3c2a851df	71364c6f99b3a961db3413ba20b14178
.rsrc	0xfe000	0x595	1536	90a3db5b27a181580c9f6acc3a9307b19eb9e4c4	2334d4c95707bd97448436167283be28
.reloc	0xff000	0x4a6c	19456	8c26e86dccbac63d43093d4b895b4ab2585f8b21	574c856db9dc95d32587cd01cca8a6a1

PE Resources 2

Name	Language	Sublanguage	Offset	Size	Data
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xfe0a0	888	PE Resource: RT_VERSION - Data t4VS_VERSION_INFO 4aJ 4aJ?StringFileInfo040904B0LCompanyNameMicrosoft CorporationDFileDescriptionPrint Utilityn'FileVersion10.0.19041.3636 (WinBuild.160101.0800),InternalNamePrint.LegalCopyright Microsoft Corporation. All rights reserved.< OriginalFilenamePrint.Exej%ProductNameMicrosoft Windows Operating SystemDProductVersion10.0.19041.3636DVarFileInfo$Translation
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xfe418	381	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='asInvoker' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_VERSION

LANG_ENGLISH

SUBLANG_ENGLISH_US

0xfe0a0

888

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0xfe418

381

Meta infos 9

LegalCopyright:	\xa9 Microsoft Corporation. All rights reserved.
InternalName:	Print
FileVersion:	10.0.19041.3636 (WinBuild.160101.0800)
CompanyName:	Microsoft Corporation
ProductVersion:	10.0.19041.3636
FileDescription:	Print Utility
Translation:	0x0409 0x04b0
OriginalFilename:	Print.Exe
ProductName:	Microsoft\xae Windows\xae Operating System

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 7

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
Hmscoree.dll
KERNEL32.dll

Import functions

KERNEL32.dll 89

Function	Address	Souspicious	Anti Debug
WaitForSingleObject	0x489000
CloseHandle	0x489004
CreateThread	0x489008
MultiByteToWideChar	0x48900c
FormatMessageA	0x489010
GetStringTypeW	0x489014
WideCharToMultiByte	0x489018
EnterCriticalSection	0x48901c
LeaveCriticalSection	0x489020
InitializeCriticalSectionEx	0x489024
DeleteCriticalSection	0x489028
EncodePointer	0x48902c
DecodePointer	0x489030
LocalFree	0x489034
GetLocaleInfoEx	0x489038
LCMapStringEx	0x48903c
CompareStringEx	0x489040
GetCPInfo	0x489044
IsProcessorFeaturePresent	0x489048
UnhandledExceptionFilter	0x48904c
SetUnhandledExceptionFilter	0x489050
GetCurrentProcess	0x489054
TerminateProcess	0x489058
QueryPerformanceCounter	0x48905c
GetCurrentProcessId	0x489060
GetCurrentThreadId	0x489064
GetSystemTimeAsFileTime	0x489068
InitializeSListHead	0x48906c
IsDebuggerPresent	0x489070
GetStartupInfoW	0x489074
GetModuleHandleW	0x489078
CreateFileW	0x48907c
RaiseException	0x489080
RtlUnwind	0x489084
InterlockedPushEntrySList	0x489088
InterlockedFlushSList	0x48908c
GetLastError	0x489090
SetLastError	0x489094
InitializeCriticalSectionAndSpinCount	0x489098
TlsAlloc	0x48909c
TlsGetValue	0x4890a0
TlsSetValue	0x4890a4
TlsFree	0x4890a8
FreeLibrary	0x4890ac
GetProcAddress	0x4890b0
LoadLibraryExW	0x4890b4
GetStdHandle	0x4890b8
WriteFile	0x4890bc
GetModuleFileNameW	0x4890c0
ExitProcess	0x4890c4
GetModuleHandleExW	0x4890c8
HeapAlloc	0x4890cc
HeapFree	0x4890d0
GetDateFormatW	0x4890d4
GetTimeFormatW	0x4890d8
CompareStringW	0x4890dc
LCMapStringW	0x4890e0
GetLocaleInfoW	0x4890e4
IsValidLocale	0x4890e8
GetUserDefaultLCID	0x4890ec
EnumSystemLocalesW	0x4890f0
GetFileType	0x4890f4
GetCurrentThread	0x4890f8
FlushFileBuffers	0x4890fc
GetConsoleOutputCP	0x489100
GetConsoleMode	0x489104
ReadFile	0x489108
GetFileSizeEx	0x48910c
SetFilePointerEx	0x489110
ReadConsoleW	0x489114
SetConsoleCtrlHandler	0x489118
HeapReAlloc	0x48911c
GetTimeZoneInformation	0x489120
OutputDebugStringW	0x489124
FindClose	0x489128
FindFirstFileExW	0x48912c
FindNextFileW	0x489130
IsValidCodePage	0x489134
GetACP	0x489138
GetOEMCP	0x48913c
GetCommandLineA	0x489140
GetCommandLineW	0x489144
GetEnvironmentStringsW	0x489148
FreeEnvironmentStringsW	0x48914c
SetEnvironmentVariableW	0x489150
SetStdHandle	0x489154
GetProcessHeap	0x489158
HeapSize	0x48915c
WriteConsoleW	0x489160

Name	Latest seen	MD5
670a8ccf0c6f9_LofiseNose.exe	2024-10-13 07:06:02	400af20bb680795b1a047b588d8f1b26
54f0fa329a53.exe	2024-10-15 12:57:02	7de1a4a7d819cc98fccdea05f9326c1a