XW_XXGL.exe
First submission 2024-10-15 19:45:32
File details
| File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 1775.65 KB (1818262 bytes) |
| Compile time: | 1992-06-20 00:22:17 |
| MD5: | 287e053b16638686ec2912d347223092 |
| SHA1: | 18ee2e44b151564e9b604ab31dc33424addbfad9 |
| SHA256: | fa31f40154834169fbcd7bebaa289447ac162e96cb78e410e5d789ebd1e476ce |
| Sections 8 | CODE���� DATA���� BSS����� .idata�� .tls���� .rdata�� .reloc�� .rsrc��� |
| Directories 4 | import resource tls relocation |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://data.yhydl.com:20006/file/XWGL/XW_XXGL.exe  |
data.yhydl.com |
2024-10-15 19:45:32 |
PE Sections 2 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| CODE���� | 0x1000 | 0x2a07c8 | 2754560 | 37bf3229193f27a908f65b6066280c56af488aa8 | d0dfb1b30f33dbace6acd9b71c49913a | |
| DATA���� | 0x2a2000 | 0x7308 | 29696 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| BSS����� | 0x2aa000 | 0x1aa1 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .idata�� | 0x2ac000 | 0x34cc | 13824 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .tls���� | 0x2b0000 | 0x18 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rdata�� | 0x2b1000 | 0x18 | 512 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .reloc�� | 0x2b2000 | 0x2c468 | 181760 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rsrc��� | 0x2df000 | 0xda200 | 893440 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e |
Strings analysis - File found
| XML |
| http://www.borland.com/rootpart.xml |
| Library |
| MAPI32.dll |
| mtxex.dll |
| USER32.dll |
| UxTheme.dll |
| COMCTL32.dll |
| ole32.dll |
| IMM32.dll |
| OLEAUT32.dll |
| KERNEL32.dll |
| riched32.dll |
| vcltest3.dll |
Strings analysis - Possible IPs found 3
| 5.60.03.29 |
| 127.0.0.1 |
| 2.4.0.4 |
Strings analysis - Possible URLs found 10
| http://www.w3.org/2000/10/XMLSchema |
| http://schemas.xmlsoap.org/wsdl/ |
| http://www.borland.com/rootpart.xml |
| http:// |
| http://www.w3.org/1999/XMLSchema |
| http://www.w3.org/2000/xmlns/ |
| http://schemas.xmlsoap.org/soap/envelope/ |
| http://www.w3.org/2001/XMLSchema |
| http://www.w3.org/2001/XMLSchema-instance |
| http://schemas.xmlsoap.org/soap/encoding/ |