asked.exe

First submission 2024-10-14 08:04:03

File details

File type: PE32+ executable (console) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 123.17 KB (126121 bytes)
Compile time: 2024-10-07 16:42:59
MD5: 26764c917c4cd5bb2c6d6b06d0b2981f
SHA1: eca5a57adc06ca293af4961a6183ed48c0ff47bd
SHA256: 7ebb2445e32334d2650f25f6d8e32e67f4b2aad85173dbb102f65e567325f66b
Import Hash: 297bd234ee664075e3728268feece84d
Sections 20 .text .data .rdata /4 .pdata .xdata .bss .idata .CRT .tls .reloc /14 /29 /41 /55 /67 /80 /91 /107 /123
Directories 3 import tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 23/76 VT report date: 2024-10-13 21:26:51
Malware Type 1 trojan
Threat Type 1 tedy

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://107.175.73.38/asked.exe 107.175.73.38 2024-10-14 08:04:03

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x17c8 6144 f95624ec794d0f268a1c01791dbfc00daab14d84 65494203cf252fe346cf36613748b9c6
.data 0x3000 0xa0 512 4636b1763c77ecdd300f1c4f7432084c5b2f53b5 700fa73cd21cb14817b32642b7c8ac22
.rdata 0x4000 0x8e0 2560 18a5925c96997a354b41e5316d05bce8b8409c83 eced658bdeb6da9890632e37a08befe7
/4 0x5000 0x4 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.pdata 0x6000 0x228 1024 1be69a630d77ab6d78a5da13d2ccb62759b9a7ec 66482b8fc0e3cf8184009c047e493250
.xdata 0x7000 0x1a8 512 8c25e377009eae1c7208a23cd133d770e6629a12 c942dbe560ff4f47bf1fe6f78c25860a
.bss 0x8000 0x1e0 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x9000 0x5bc 1536 5d71193f7e42ce6e7817a1bf584a9c4848328178 d64f33cbf4ad3be2024556524b23d67b
.CRT 0xa000 0x60 512 2303f14cae6ac3175b61191c24353f6a49df8c3a 255619ddecb30b33da4789628b05b866
.tls 0xb000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0xc000 0x78 512 8827459aadd2fab51908c6a21596ee4d4a317a40 867c0674b85a90fd52cfc03374183773
/14 0xd000 0x460 1536 356d0a1f47a37bd67bea201b247c342e035fdcf6 4c235d1f040b621eea595074e377feb9
/29 0xe000 0xaae9 44032 c1242803ec07de2f5e568feac1ea2fc90d73bb74 b42414b02738a6e22bab45de813b7830
/41 0x19000 0x1cb8 7680 0bf7cf6312c5764c8b5b6ac52a0668ec760697ff 089bd22e9162cbfa4761dd2e0e909a38
/55 0x1b000 0x1b32 7168 40fd062ccbf02a7a5b8c5133edd6c34823e0ae75 3474fd67ac680f6e60e3e1cd6a81711e
/67 0x1d000 0xad0 3072 fc13c143d8c6226b83ca50619cc7724114cd3f51 7f9b29e761d9e07d83c3489e52342e5d
/80 0x1e000 0x354 1024 a40def3e59e56c244b7f1ee9e4d2758cc286e7db a5657ca8b7b4d6587b37b69dca0759a0
/91 0x1f000 0x205b 8704 6a74e6e58cbb49e6a89961f7071d5710271c5c31 9bbe9dd66e6ef5ad08d3fe0304d7e852
/107 0x22000 0x120d 5120 6adbfb9c98fc58017e73c6ae09ebbbfef3e18b02 b766092a75cab20f3c0bd4b595f53148
/123 0x24000 0x195 512 a2a125cb7390661b9af98659661b28127255ba37 0a478305b637270896b63c2f3a8d9a48

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
libgcc_s_dw2-1.dll
MSVCRT.dll
KERNEL32.dll

Import functions