SFX-master.exe

First submission 2024-02-07 18:21:03

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 4544.0 KB (4653056 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 276e222938520cbb4c543f45e65e463f
SHA1: 96a78a7dbee03dce0748ea8fb1a295232e7d027b
SHA256: bd546aa016fc5a48c8c613816af6b0fdf4403ad2dcae86ab8a891d200448365f
Import Hash : c595f1660e1a3c84f4d9b0761d23cd7a
Sections (12): .text, .data, .rdata, .pdata, .xdata, .bss, .edata, .idata, .CRT, .tls, .rsrc, .reloc
Directories (5): import, export, resource, tls, relocation
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators (1)

URL: hXXps://transfer.sh/get/lSplfs498d/SFX-master.exe
Host (FQDN/IP): transfer.sh
Date Added: 2024-02-07 18:21:03

PE Sections (3 suspicious)

Name    VAddress   VSize     Size     SHA1                                      MD5                               Suspicious
.text   0x1000     0x1a5280  1725440  a3c6b1569cf656823b3e05e007bfdaac5e03ad10  cc089fefc8d470d24f74953931c20c4c
.data   0x1a7000   0x1e0b0   123392   e46f9fdfd7f8c22163a9d5b35b38d1a600ec4241  02e64e0e8f0a4eddb4a96b633a3367e1
.rdata  0x1c6000   0x27c610  2607104  358da41210d10cc3bd1ca801cf7de6ac093c8069  8dbc8b60fe6d2077a1555630de953036
.pdata  0x443000   0x9dc8    40448    b4719b8505a5d840aba93935898b1803f8f9787f  6b8f7e9bf13330fcabf07e41bb0a33b7
.xdata  0x44d000   0xc50     3584     becdda51752c415245ce9b3148ff51ce13c777b6  3bc3b9f11c184878ba40f99085a47b77
.bss    0x44e000   0x8cae0   0        da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.edata  0x4db000   0x4e      512      2389adfcf583da98a4d9de0391ba9f76114e8152  d8d99ac25395e288d13d067f7d9fb44f
.idata  0x4dc000   0x1458    5632     6b4811bbc424f274626a7646fad964c0b6332a17  d347d10c5197511e108b235c16f4c354
.CRT    0x4de000   0x70      512      6964e5c837f28f7b7b3a2419356a1fdaf90106a9  7a0e37372f611008106cdacfc15822b2
.tls    0x4df000   0x10      512      5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5  bf619eac0cdf3f68d496ea9344137e8b
.rsrc   0x4e0000   0x1ab7f   109568   979346b0dd60698ac7d4ba6d34fc241a86c879aa  174d7fac21ec1dbb81468b1170b899a8
.reloc  0x4fb000   0x89c8    35328    b79e99be5299abee149df37de80218c9356871bc  49ec2d48c0fe647483a6520bc1e9128c

PE Resources (4)

Name           Language      Sublanguage         Offset    Size  Data
RT_ICON        LANG_NEUTRAL  SUBLANG_NEUTRAL     0x4f9c04  1128
RT_GROUP_ICON  LANG_NEUTRAL  SUBLANG_NEUTRAL     0x4fa06c  90
RT_VERSION     LANG_ENGLISH  SUBLANG_ENGLISH_US  0x4fa0c8  1476
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US  0x4fa68c  1267

Meta infos (11)

LegalCopyright: @ 2024 SFX Technology, Inc. All rights reserved.
InternalName: SFX
FileVersion: 5.3.2.5
CompanyName: SFX Machine Group
LegalTrademarks:
Comments:
ProductName: SFX-master
ProductVersion: 5.3.2.5
FileDescription: Home At GMB, The World's leading Tier 1 Manufacturer of OE and Aftermarket Automotive Parts. ... GMB is one of the largest global OE and Aftermarket automotive manufacturers. Since 1943, GMB's manufacturing quality has been recognized within the industry, beginning with Universal Joints, Water Pumps, and Tensioner & Idler Bearings
Translation: 0x0409 0x04b0
OriginalFilename: SFX-master.exe

Packers detected (1)

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions (4)

GetLastError
IsDebuggerPresent
OutputDebugStringA
RaiseException

Anti debug functions (1)

Virtual Box

Strings analysis - File found

Log:
github.com/saferwall/pe/log.(*stdLogger).Log
github.com/saferwall/pe/log.(*Filter).Log
math.Log

Library:
WINMM.dll
ntdll.dll
WS2_32.dll
bcryptprimitives.dll
Powrprof.dll
KERNEL32.dll
type:.eq.syscall.DLL
type:.eq.golang.org/x/sys/windows.DLL
*windows.DLL
*syscall.DLL
MSVCRT.dll

Strings analysis - Possible IPs found (7)

5.3.2.5
5.4.112.5
2.5.4.102
5.4.32.5
2.5.4.62
72.5.4.82
4.52.5.4

Strings analysis - Possible URLs found (2)

http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings

Import functions

PE Exports (1 suspicious)

Function           Address
_OvTYEZUOUYwfdxCO  0x1404d9d10