Doc.exe

First submission 2024-10-01 12:10:03 Last sumbission 2024-10-15 18:34:03

File details

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type:	application/x-dosexec
File size:	15503.5 KB (15875584 bytes)
Compile time:	1970-01-01 01:00:00
MD5:	2746a7120bce30e9230a2e71a9ad909f
SHA1:	506c97a2e62a2c962dbd283b2344e73cac4f8271
SHA256:	4480d314657f84b2f829fb85fe6603c288bd9262e00e752e475c2a315dd2013f
Import Hash :	f0ea7b7844bbc5bfa9bb32efdcea957c
Sections 6	.text .rdata .data .idata .reloc .symtab
Directories 2	import relocation

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URL	Host (FQDN/IP)	Date Added
hXXp://ns1.smlms.mr/Doc.exe	ns1.smlms.mr	2024-10-15 18:34:08

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x942dfd	9711104	b0bba13b3b878b0f7cbd088a0557238cc163a8d3	24cfd1142cf5ef1cde557551d4e6c91b
.rdata	0x944000	0x578158	5734912	987762ad544aec29d4b2198f9c007bd85fe78510	c6f09c58d59d65f22427926bde3132aa
.data	0xebd000	0xaf350	266752	8196b3bb6e0d899c9d7eb5f717ae8d6bae04193b	05d8eb8b115b53897dd83f07f2f22bc9
.idata	0xf6d000	0x490	1536	c5b74efbfff762d6808765b294f8cdb2524c0143	894ab5241150f06ca87878224acaf6bf
.reloc	0xf6e000	0x26c52	159232	fd6a57d3159a2c1a9d69e94f5f1786db9e2cc533	e427021ec6a780efd307ada8663fb660
.symtab	0xf95000	0x4	512	943ae54f4818e52409fbbaf60ffd71318d966b0d	07b5472d347d42780469fb2654b7fc54

http://invalidkpasswdlookup

kernel32.dll 40

Function	Address	Souspicious	Anti Debug
WriteFile	0x12bd040
WriteConsoleW	0x12bd048
WaitForMultipleObjects	0x12bd050
WaitForSingleObject	0x12bd058
VirtualQuery	0x12bd060
VirtualFree	0x12bd068
VirtualAlloc	0x12bd070
TlsAlloc	0x12bd078
SwitchToThread	0x12bd080
SuspendThread	0x12bd088
SetWaitableTimer	0x12bd090
SetUnhandledExceptionFilter	0x12bd098
SetProcessPriorityBoost	0x12bd0a0
SetEvent	0x12bd0a8
SetErrorMode	0x12bd0b0
SetConsoleCtrlHandler	0x12bd0b8
ResumeThread	0x12bd0c0
PostQueuedCompletionStatus	0x12bd0c8
LoadLibraryA	0x12bd0d0
LoadLibraryW	0x12bd0d8
SetThreadContext	0x12bd0e0
GetThreadContext	0x12bd0e8
GetSystemInfo	0x12bd0f0
GetSystemDirectoryA	0x12bd0f8
GetStdHandle	0x12bd100
GetQueuedCompletionStatusEx	0x12bd108
GetProcessAffinityMask	0x12bd110
GetProcAddress	0x12bd118
GetEnvironmentStringsW	0x12bd120
GetConsoleMode	0x12bd128
FreeEnvironmentStringsW	0x12bd130
ExitProcess	0x12bd138
DuplicateHandle	0x12bd140
CreateWaitableTimerExW	0x12bd148
CreateThread	0x12bd150
CreateIoCompletionPort	0x12bd158
CreateFileA	0x12bd160
CreateEventA	0x12bd168
CloseHandle	0x12bd170
AddVectoredExceptionHandler	0x12bd178

Name	Latest seen	MD5
test1.exe	2023-04-17 11:53:05	eae20dc5eacb216a11b23d6a8c0e33d7
torbrowser-install-win64-12.0.7_ALL.exe	2023-06-19 06:03:03	92c0b25164e3d01e24e33a18ec2c901c
BLONDE_BURN-OUT.exe	2024-05-30 14:49:03	9cfae68caf4b61735e80d67f0d40783a
BEWILDERED_PERFORMANCE.exe	2024-05-30 14:50:03	8a507369e99f1dfd5e592ef24ce405d7
PAYABLE_USER.exe	2024-05-30 14:51:03	ea33b7eb965d8b552a75349946963151
my.exe	2024-07-07 16:54:27	6470b936622d9502880cae6452d1bb48
EXACT_ITEM.exe	2024-07-08 20:46:09	9babf09115135e3726636ed32790bd36
999.html	2024-09-25 12:31:21	e0b11d0fba0e8c49d4f268e831bccc7a
WG.exe	2024-09-28 16:30:09	4af44ceaf166bd6c4f8c328ccc2263b7
MTLS.exe	2024-09-28 16:40:11	f34858ad51b208fba47332eebcfa2cd0
test	2024-10-06 13:12:29	b0ae4f9828164bfe4c0187529b8800cb
Swift-Stage1-Obfuscated.exe	2024-10-17 18:57:12	0444eb9fbbf0d5ee3718acafd88e0843
Swift-Beacon-Encrypted.exe	2024-10-17 18:58:07	f6c13f50e458190d3058984b766954dc