b1.exe

First submission 2022-08-02 07:13:31

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
File size: 504.68 KB (516792 bytes)
Compile time: 2021-09-25 23:56:47
MD5: 268e27279cffcb8765360a52bc44785f
SHA1: 17e0b8fe9acfd1776a1566ce5ed6f051f7e0f91f
SHA256: e14a079d5b6a7ee69fad8577c089a2c1cad0d3c8152d5cadda836930bff2a40a
Import Hash: 61259b55b8912888e90f516ca08dc514
Sections: 5 (.text, .rdata, .data, .ndata, .rsrc)
Directories: 3 (import, resource, security)
VirusTotal: 2/70
VT report date: 2022-08-02 05:00:00

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://files.ddrive.online/b1.exe files.ddrive.online 2022-08-02 07:13:31

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6676 26624 55517dc6ad93689679677d152abfdd1ce20f1135 6f5abe9eeda26ee84b3c1ed1a6c82001
.rdata 0x8000 0x139a 5120 dc4f14d019cad6646b38852dfb7370532acafebc 8c5edfd8ff9cc0135e197611be38ca18
.data 0xa000 0x20378 1536 f45486287d474fdcafc99c24e37c4eb61bf613b3 4b2421975c21b032f7ea000f5e7f9fbf
.ndata 0x2b000 0x36000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x61000 0x1cca8 118272 78879eab85371c8ba807c7f00437470146ae7d80 89bd623f521266a8685f878d86d65650

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_BITMAP LANG_ENGLISH SUBLANG_ENGLISH_US 0x61358 872
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x7ced0 1128
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x7d8a8 96
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x7d908 90
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x7d968 830

Anti debug functions 2

FindWindowExW
GetLastError

File signature

MD5 SHA1 Block size Virtual Address
ff32db1e3efbf678632395e157de805f 80dfddacaa80aa705c5a0f0dd98914cbf28711ac 6896 509896

Strings analysis - File found

Library
%s%s.dll
ADVAPI32.dll
SHELL32.dll
COMCTL32.dll
ole32.dll
USER32.dll
GDI32.dll
KERNEL32.dll

Strings analysis - Possible URLs found 9

http://s.symcb.com/universal-root.crl0
https://d.symcb.com/cps0%
http://s.symcd.com06
http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
http://nsis.sf.net/NSIS_Error
https://d.symcb.com/rpa0@
http://ts-ocsp.ws.symantec.com0;
https://d.symcb.com/rpa0.
http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0

Import functions
