66fa7e7373674_4.exe
First submission 2024-09-30 14:25:01
Last submission 2024-10-04 22:03:02
File details

Field | Value
---|---
File type | PE32 executable (GUI) Intel 80386, for MS Windows
Mime type | application/x-dosexec
File size | 370.5 KB (379392 bytes)
Compile time | 2023-12-05 08:20:46
MD5 | 245f52e7267ef7042583d20b32023967
SHA1 | ba5e0ddef975bc7928c3af7d56080276216c6a32
SHA256 | 5db8ed24d791ca0f05f6df8517b679a456059a09ffd10b0cca1e83d27818fd8f
Import Hash | eb865bbda5c0f6f3a0041e74d558d3f8
Sections (5) | .text .rdata .data .tls .rsrc
Directories (3) | import resource tls
File features detected

- Anti VM
- Signed
- XOR
OSINT Enrichments

Source | Result
---|---
Virus Total | 29/77 (VT report date: 2024-09-30 14:02:47)
Malware Type (1) | trojan
Threat Type (1) | pwsx
URLs, FQDN and IP indicators | 2
PE Sections (5, 1 suspicious)

Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious
---|---|---|---|---|---|---
.text | 0x1000 | 0x3866f | 231424 | ea47d6299b0e6cdb19a8a30b694ba6b4d29262f8 | e7279660b79c381c49f4eac402a2797d |
.rdata | 0x3a000 | 0x22fe | 9216 | da27f2ac0e8de67c431a059e524e31349b4d72e9 | b94dc4e30ebd758b0a95e3c215a169e8 |
.data | 0x3d000 | 0xf92b8 | 6656 | 8c715e6b7871857da77c912bdd6677dd8d595721 | 54309c1151aa5e97e3771ed2ebba6702 |
.tls | 0x137000 | 0x51d | 1536 | 53ea2cb716f312714685c92b6be27e419f8c746c | 53e979547d8c2ea86560ac45de08ae25 |
.rsrc | 0x138000 | 0x1f978 | 129536 | 954705592d5e8b594aba0432e873cf7b4ab1228e | ef327e0dc82b168ae1808ec1300429fb |
PE Resources (8)

Name | Language | Sublanguage | Offset | Size | Data
---|---|---|---|---|---
AFX_DIALOG_LAYOUT | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x150178 | 2 |
BUXILODUGEDUPUCEGAT | LANG_TURKISH | SUBLANG_DEFAULT | 0x14f580 | 3063 |
RT_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x1502b0 | 9640 |
RT_ICON | LANG_TURKISH | SUBLANG_DEFAULT | 0x14f0a0 | 1128 |
RT_STRING | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x1578d8 | 156 |
RT_GROUP_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x152858 | 34 |
RT_GROUP_ICON | LANG_TURKISH | SUBLANG_DEFAULT | 0x148ce0 | 104 |
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x152880 | 424 |
Meta infos (5)

Field | Value
---|---
InternalName | Sound
Translations | 0x1897 0x050a
FileVersions | 10.50.65.70
ProductVersion | 2.18.60.15
CompanyName | Giant
Packers detected (2)

- Microsoft Visual C++ 8
- VC8 -> Microsoft Corporation
Anti debug functions (5)

- DebugActiveProcessStop
- GetLastError
- IsDebuggerPresent
- TerminateProcess
- UnhandledExceptionFilter
Strings analysis - Files found

Library:

- mscoree.dll
- KERNEL32.dll
- ADVAPI32.dll
- USER32.dll
- MSIMG32.dll
Strings analysis - Possible IPs found (2)

- 10.50.65.70
- 2.18.60.15