Order-63729r.exe

First submission 2024-10-15 20:47:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	112.0 KB (114688 bytes)
Compile time:	1992-06-20 00:22:17
MD5:	27864dd446f03f806b26031d97e3377b
SHA1:	18688de552635bfbe9b3afae166b1d86d41eccc4
SHA256:	94d346e862d5850b5d19aefd5053191c47975b2d233958f5145f0390d42c1fbd
Import Hash :	6d1f2b41411eacafcf447fc002d8cb00
Sections 5	CODE DATA BSS .idata .reloc
Directories 2	import relocation

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URL	Host (FQDN/IP)	Date Added
hXXp://217.160.121.141:8030/5643254657/Order-63729r.exe	217.160.121.141	2024-10-15 20:47:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
CODE	0x1000	0x196b0	104448	12f6291fa8c64b3f478907b767329d835786daf9	feaf2e72a4f659a585c0d0b9535269d6
DATA	0x1b000	0x66c	2048	f10488ba381658b00bf5f052264affcec2b91505	c1ef01f2c6a2c3da4b3b7d3b6128db9b
BSS	0x1c000	0x8c5	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.idata	0x1d000	0x79e	2048	0f3134155613a4fd8e541f21250cfab0484639ff	556c360ee726e003c5e1f6a038e97572
.reloc	0x1e000	0x135c	5120	bba372c593ca6cc1b2ff90f8f852450a93d763ad	cac55c427defaffc85c1a164a6baac6b

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0
Borland Delphi v6.0 - v7.0
BobSoft Mini Delphi -> BoB / BobSoft

RaiseException
UnhandledExceptionFilter

VMCheck.dll

https://dotbit.me/a/
http://ip-api.com/json

gdi32.dll 6 kernel32.dll 50 oleaut32.dll 3 advapi32.dll 6 ole32.dll 2 user32.dll 7

Function	Address	Souspicious	Anti Debug
SelectObject	0x41d1f0
DeleteObject	0x41d1f4
DeleteDC	0x41d1f8
CreateCompatibleDC	0x41d1fc
CreateCompatibleBitmap	0x41d200
BitBlt	0x41d204

Function	Address	Souspicious	Anti Debug
DeleteCriticalSection	0x41d0dc
LeaveCriticalSection	0x41d0e0
EnterCriticalSection	0x41d0e4
InitializeCriticalSection	0x41d0e8
VirtualFree	0x41d0ec
VirtualAlloc	0x41d0f0
LocalFree	0x41d0f4
LocalAlloc	0x41d0f8
GetTickCount	0x41d0fc
QueryPerformanceCounter	0x41d100
GetVersion	0x41d104
GetCurrentThreadId	0x41d108
WideCharToMultiByte	0x41d10c
MultiByteToWideChar	0x41d110
GetThreadLocale	0x41d114
GetStartupInfoA	0x41d118
GetModuleFileNameA	0x41d11c
GetLocaleInfoA	0x41d120
GetCommandLineA	0x41d124
FreeLibrary	0x41d128
ExitProcess	0x41d12c
WriteFile	0x41d130
UnhandledExceptionFilter	0x41d134
RtlUnwind	0x41d138
RaiseException	0x41d13c
GetStdHandle	0x41d140
GetModuleHandleA	0x41d178
WriteFile	0x41d190
Sleep	0x41d194
LocalFree	0x41d198
LoadLibraryExW	0x41d19c
LoadLibraryA	0x41d1a0
GlobalUnlock	0x41d1a4
GlobalLock	0x41d1a8
GetTickCount	0x41d1ac
GetSystemInfo	0x41d1b0
GetProcAddress	0x41d1b4
GetModuleHandleA	0x41d1b8
GetModuleFileNameA	0x41d1bc
GetFileAttributesW	0x41d1c0
GetCurrentProcessId	0x41d1c4
GetCurrentProcess	0x41d1c8
FreeLibrary	0x41d1cc
FindNextFileW	0x41d1d0
FindFirstFileW	0x41d1d4
FindClose	0x41d1d8
ExitProcess	0x41d1dc
DeleteFileW	0x41d1e0
CreateDirectoryW	0x41d1e4
CopyFileW	0x41d1e8

Function	Address	Souspicious	Anti Debug
SysFreeString	0x41d168
SysReAllocStringLen	0x41d16c
SysAllocStringLen	0x41d170

Function	Address	Souspicious	Anti Debug
RegQueryValueExA	0x41d158
RegOpenKeyExA	0x41d15c
RegCloseKey	0x41d160
RegOpenKeyExA	0x41d180
RegEnumKeyA	0x41d184
FreeSid	0x41d188

Function	Address	Souspicious	Anti Debug
OleInitialize	0x41d220
CoCreateInstance	0x41d224

Function	Address	Souspicious	Anti Debug
GetKeyboardType	0x41d148
MessageBoxA	0x41d14c
CharNextA	0x41d150
ReleaseDC	0x41d20c
GetSystemMetrics	0x41d210
GetDC	0x41d214
CharToOemBuffA	0x41d218