66fa7e7373674_4.exe

First submission: 2024-09-30 14:25:01    Last submission: 2024-10-04 22:03:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
MIME type: application/x-dosexec
File size: 370.5 KB (379392 bytes)
Compile time: 2023-12-05 08:20:46 (PE header TimeDateStamp, written by the linker and trivially forged; ten months before first submission, so treat it as a hint, not a build date)
MD5: 245f52e7267ef7042583d20b32023967
SHA1: ba5e0ddef975bc7928c3af7d56080276216c6a32
SHA256: 5db8ed24d791ca0f05f6df8517b679a456059a09ffd10b0cca1e83d27818fd8f
Import hash (imphash): eb865bbda5c0f6f3a0041e74d558d3f8
Sections (5): .text, .rdata, .data, .tls, .rsrc
Data directories (3): import, resource, tls

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 29/77 engines flag the file (report dated 2024-09-30 14:02:47)
Malware type (1): trojan
Threat type (1): pwsx

URLs, FQDN and IP indicators (2)

URL                                                              Host (FQDN/IP)                 Date added
hXXp://hans.uniformeslaamistad.com/malesa/66fa7e7373674_4.exe    hans.uniformeslaamistad.com    2024-10-04 22:03:05
hXXp://147.45.44.104/malesa/66fa7e7373674_4.exe                  147.45.44.104                  2024-09-30 14:25:02

Both URLs serve the same path (/malesa/66fa7e7373674_4.exe), so the FQDN and the bare IP are most likely the same host rather than two pieces of infrastructure; confirm with passive DNS for the submission window before counting them separately. URLs are defanged (hXXp) as in the original report.

PE Sections (5 listed, 1 flagged suspicious)

Name    VAddress   VSize     Raw size   SHA1                                        MD5
.text   0x1000     0x3866f   231424     ea47d6299b0e6cdb19a8a30b694ba6b4d29262f8    e7279660b79c381c49f4eac402a2797d
.rdata  0x3a000    0x22fe    9216       da27f2ac0e8de67c431a059e524e31349b4d72e9    b94dc4e30ebd758b0a95e3c215a169e8
.data   0x3d000    0xf92b8   6656       8c715e6b7871857da77c912bdd6677dd8d595721    54309c1151aa5e97e3771ed2ebba6702
.tls    0x137000   0x51d     1536       53ea2cb716f312714685c92b6be27e419f8c746c    53e979547d8c2ea86560ac45de08ae25
.rsrc   0x138000   0x1f978   129536     954705592d5e8b594aba0432e873cf7b4ab1228e    ef327e0dc82b168ae1808ec1300429fb

The "Suspicious" flag column did not survive extraction, but the obvious candidate is .data: its virtual size is 0xf92b8 (1,020,600 bytes) against only 6,656 bytes stored on disk, a roughly 150x gap. The other four sections have virtual sizes within alignment padding of their raw sizes. A gap like that is either a very large zero-initialised buffer or, far more often in a sample with these detections, memory that an unpacking stub fills at runtime; either way, the section is worth dumping once the entry point has run.
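An added example, not part of the report or of any vendor tool, that applies the two checks a practitioner makes on a section table like the one above: the virtual-size to raw-size ratio that exposes a runtime-filled section, and a layout consistency check that confirms the table itself is sane (sections contiguous after rounding to SectionAlignment). The section values are transcribed from the report; the 4x threshold and the 0x1000 alignment are assumptions.

```python
# Added example (not from the report or any vendor tool): flag PE sections whose
# virtual size is far larger than the bytes stored on disk, and check that the
# section layout is self-consistent. The table is transcribed from the report.
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str
    vaddr: int      # RVA of the section start
    vsize: int      # VirtualSize from the section header
    raw_size: int   # SizeOfRawData, the bytes actually present in the file


# Transcribed from the report's PE Sections table (constructed input for this example).
SECTIONS = [
    Section(".text",  0x1000,   0x3866f, 231424),
    Section(".rdata", 0x3a000,  0x22fe,  9216),
    Section(".data",  0x3d000,  0xf92b8, 6656),
    Section(".tls",   0x137000, 0x51d,   1536),
    Section(".rsrc",  0x138000, 0x1f978, 129536),
]


def slack_ratio(section: Section) -> float:
    """VirtualSize / SizeOfRawData. Values near 1.0 are normal (alignment padding).
    A large ratio means the loader reserves memory the file never fills: either a
    big zero-initialised buffer or space an unpacking stub populates at runtime."""
    if section.raw_size == 0:
        return float("inf")
    return section.vsize / section.raw_size


def unpacking_candidates(sections, threshold=4.0):
    """Sections whose slack ratio is at least `threshold`. The cut-off is an
    assumption: compilers pad .data for uninitialised globals, but rarely by 150x."""
    return [(s.name, round(slack_ratio(s), 1))
            for s in sections if slack_ratio(s) >= threshold]


def align_up(value: int, alignment: int) -> int:
    """Round `value` up to the next multiple of `alignment` (a power of two)."""
    return (value + alignment - 1) & ~(alignment - 1)


def layout_gaps(sections, section_alignment=0x1000):
    """Return (prev_name, next_name, expected_rva, actual_rva) for every section
    that does not start where the previous one ends after rounding VirtualSize
    up to SectionAlignment. 0x1000 is the assumed alignment for this PE32 build."""
    gaps = []
    ordered = sorted(sections, key=lambda s: s.vaddr)
    for prev, nxt in zip(ordered, ordered[1:]):
        expected = prev.vaddr + align_up(prev.vsize, section_alignment)
        if expected != nxt.vaddr:
            gaps.append((prev.name, nxt.name, expected, nxt.vaddr))
    return gaps


if __name__ == "__main__":
    print("unpacking candidates:", unpacking_candidates(SECTIONS))
    print("layout gaps:", layout_gaps(SECTIONS))
```

On the report's table only .data trips the ratio check, and the layout check returns no gaps, which is a useful sanity signal that the extracted VAddress/VSize columns were not mangled in transit.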

PE Resources (8)

Name                  Language       Sublanguage       Offset     Size
AFX_DIALOG_LAYOUT     LANG_NEUTRAL   SUBLANG_NEUTRAL   0x150178   2
BUXILODUGEDUPUCEGAT   LANG_TURKISH   SUBLANG_DEFAULT   0x14f580   3063
RT_CURSOR             LANG_NEUTRAL   SUBLANG_NEUTRAL   0x1502b0   9640
RT_ICON               LANG_TURKISH   SUBLANG_DEFAULT   0x14f0a0   1128
RT_STRING             LANG_NEUTRAL   SUBLANG_NEUTRAL   0x1578d8   156
RT_GROUP_CURSOR       LANG_NEUTRAL   SUBLANG_NEUTRAL   0x152858   34
RT_GROUP_ICON         LANG_TURKISH   SUBLANG_DEFAULT   0x148ce0   104
RT_VERSION            LANG_NEUTRAL   SUBLANG_NEUTRAL   0x152880   424

AFX_DIALOG_LAYOUT is an MFC resource type, consistent with the Visual C++ 8 signature and the MSIMG32.dll dependency below: the visible shell is an MFC dialog application. BUXILODUGEDUPUCEGAT is not a standard resource type; a random upper-case name on a few kilobytes of data is the pattern crypter-built loaders use for an embedded encrypted payload or configuration, so it is the first resource to extract and test for entropy.

Meta info (5)

InternalName: Sound
Translations: 0x1897 0x050a
FileVersion: 10.50.65.70
ProductVersion: 2.18.60.15
CompanyName: Giant

Packers detected (2)

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Both hits are compiler/linker signatures, not packers: they say the outer binary was built with Visual C++ 8 (Visual Studio 2005). The section-size anomaly in .data is the stronger indication that a second stage is unpacked at runtime.

Anti-debug functions (5)

DebugActiveProcessStop
GetLastError
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter

These are import-table matches against a heuristic list, not observed checks. GetLastError, TerminateProcess and UnhandledExceptionFilter are imported by the stock MSVC CRT in every build, and IsDebuggerPresent also appears in CRT error-reporting paths; DebugActiveProcessStop is the only name here with no routine CRT use. Treat the list as a prompt to look for the actual checks in .text, not as confirmation of anti-debugging.

Strings analysis - file names found

Library
mscoree.dll
KERNEL32.dll
ADVAPI32.dll
USER32.dll
MSIMG32.dll

The mscoree.dll string does not make this a .NET binary: the VC8 CRT's exit path looks mscoree.dll up by name to call CorExitProcess when the CLR happens to be loaded, so the string is present in native MSVC builds. MSIMG32.dll provides GDI helpers (AlphaBlend, TransparentBlt, GradientFill) that MFC UI code pulls in, matching the AFX_DIALOG_LAYOUT resource.

Strings analysis - possible IPs found (2)

10.50.65.70
2.18.60.15

Both are false positives: they are the FileVersion and ProductVersion values from the version resource above, which happen to be four dot-separated numbers under 256. 10.50.65.70 is also RFC 1918 private space. Neither belongs in a network blocklist; the network indicators for this sample are the two URLs and the host/IP listed earlier.
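An added example, not part of the report, of the triage step that should sit between a string scanner's "possible IP" output and an indicator list: drop candidates that duplicate version-resource values, that are not syntactically valid IPv4, or that are not globally routable. The first two candidates and the version strings are transcribed from the report, 147.45.44.104 is taken from the report's URL table, and the last two candidates are constructed to exercise the remaining branches.

```python
# Added example (not from the report): separate real IPv4 indicators from
# dotted-quad look-alikes such as version resource values.
import ipaddress
import re

# Constructed input. The first three values come from the report; the last two
# are made up to exercise the non-routable and invalid-octet branches.
CANDIDATES = [
    "10.50.65.70",      # report: equals FileVersion, and RFC 1918 space
    "2.18.60.15",       # report: equals ProductVersion
    "147.45.44.104",    # report: host from the URL table, a real indicator
    "192.168.1.10",     # constructed: valid syntax, not globally routable
    "256.1.1.1",        # constructed: first octet out of range
]
VERSION_STRINGS = {"FileVersion": "10.50.65.70", "ProductVersion": "2.18.60.15"}

# Four decimal groups separated by dots; range checking is left to ipaddress.
DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def classify(candidate, version_values):
    """Return a verdict string for one scanner hit.

    Order matters: a version string that is also a private address is reported
    as 'version-string', because that explains why it is in the binary at all.
    """
    if not DOTTED_QUAD.match(candidate):
        return "not-dotted-quad"
    if candidate in version_values:
        return "version-string"
    try:
        ip = ipaddress.IPv4Address(candidate)
    except ValueError:              # AddressValueError for octets > 255
        return "invalid-octet"
    if not ip.is_global:            # private, loopback, link-local, reserved
        return "non-routable"
    return "indicator"


def triage(candidates, version_strings):
    """Map every candidate to its verdict; only 'indicator' should reach a blocklist."""
    version_values = set(version_strings.values())
    return {c: classify(c, version_values) for c in candidates}


def indicators(candidates, version_strings):
    """The candidates that survive triage, in input order."""
    return [c for c, v in triage(candidates, version_strings).items() if v == "indicator"]


if __name__ == "__main__":
    for candidate, verdict in triage(CANDIDATES, VERSION_STRINGS).items():
        print(f"{candidate:16} {verdict}")
```

Run against the report's own strings, the two "possible IPs" are both classified as version strings and only 147.45.44.104 survives, which matches what the URL table already says. In a pipeline, `version_values` would be filled from the parsed RT_VERSION resource rather than typed in.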

Import functions