current.exe

First submission 2024-02-07 23:41:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 484.0 KB (495616 bytes)
Compile time: 2023-01-13 09:16:19
MD5: 2640c96c0be54c6f5b1880bdde2d0c92
SHA1: 072fa1b581c492d27eee916e0bf3d6fc6c986ff8
SHA256: 84cd7052ee57d4b6c115d46abd5864f7a002a8a615b99aa796af2e5e47a184f4
Import Hash: 62d46ff31d47f63978e2d51da092dc3a
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 3 (import, resource, debug)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://77.91.68.222:8000/current.exe 77.91.68.222 2024-02-07 23:41:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x64186 410112 04546b4199448b1ba92586627aa98381973a6d1b c6e9d5e187d30e4a943a6993b4b2cc4f
.rdata 0x66000 0x5280 21504 645991df3c36b38b53425f9986898dabef608e6c bc0ff9c83a00d6906f68626107d513bf
.data 0x6c000 0x12528 20992 baafe9b2c62685459b2b9350e175f8a1cfebe273 74893fe868abddbbe343693edcaf8d2a
.rsrc 0x7f000 0x17248 41984 2a2315bf1fd9b45fe84f4547d29e445d8e6856db 4b4849a98af42c8d6d15c1f327850e58

PE Resources 7

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_NEUTRAL SUBLANG_NEUTRAL 0x87430 14
TAJONULE LANG_ROMANIAN SUBLANG_ROMANIAN 0x855b0 7729
RT_ICON LANG_ROMANIAN SUBLANG_ROMANIAN 0x850e0 1128
RT_STRING LANG_ROMANIAN SUBLANG_ROMANIAN 0x88e70 978
RT_ACCELERATOR LANG_ROMANIAN SUBLANG_ROMANIAN 0x873e8 72
RT_GROUP_ICON LANG_ROMANIAN SUBLANG_ROMANIAN 0x85548 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x87440 496

Meta infos 6

FileVersion: 1.24.72.42
FileDescription: Black
Translation: 0x0407 0x0672
ProductName: Mustifest
OriginalFilename: Wonder
ProductVersion: 94.56.64.72

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
WINHTTP.dll
USER32.dll
MSIMG32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

94.56.64.72
1.24.72.42

Import functions

Name Latest seen MD5
Earco8.exe 2024-02-07 16:22:04 35ffefa212414c2538df410e5ad3afa7