xxx.exe
First submission 2024-10-17 00:41:02
Last sumbission 2024-10-18 05:22:02
File details
| File type: | PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 5.5 KB (5632 bytes) |
| Compile time: | 2102-10-22 08:32:40 |
| MD5: | 28b7505a051cf6a0e6ee179ef76be154 |
| SHA1: | c55a9d9449a05067986cace9ff7d8ecef3f68955 |
| SHA256: | 1895cb39da800c897240669ce9a3e39cdf129b89c05f642c98ed324dad32fdb5 |
| Sections 2 | .text��� .rsrc��� |
| Directories 2 | resource debug |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 33/77 VT report date: 2024-10-16 02:36:01 |
| Malware Type 1 | trojan |
| Threat Type 1 | msil |
URLs, FQDN and IP indicators 4
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://156.245.12.221:8000/xxx.exe  |
156.245.12.221 |
2024-10-18 05:22:07 |
| hXXp://156.245.12.57:8000/xxx.exe |
156.245.12.57 |
2024-10-17 06:21:04 |
| hXXp://156.245.12.92:8000/xxx.exe |
156.245.12.92 |
2024-10-17 02:41:07 |
| hXXp://156.245.12.220:8000/xxx.exe |
156.245.12.220 |
2024-10-17 00:41:02 |
PE Sections 0 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x2000 | 0xcc6 | 3584 | 705d407a8e3fb578ffb716b29ea7416da2f30c37 | d278b6e0d752654677d39ece6f45386b | |
| .rsrc��� | 0x4000 | 0x5cc | 1536 | ae0c59b4da2597102bb9846a95e9e0dbe8da6a27 | 9c7ce726ea18d054419eb8742994ddbb |
PE Resources 2
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x4090 | 828 | |
| RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x43dc | 490 |
Meta infos 12
| LegalCopyright: | Copyright \xa9 2024 |
| Assembly Version: | 1.0.0.0 |
| InternalName: | ConsoleApp50.exe |
| FileVersion: | 1.0.0.0 |
| CompanyName: | |
| LegalTrademarks: | |
| Comments: | |
| ProductName: | ConsoleApp50 |
| ProductVersion: | 1.0.0.0 |
| FileDescription: | ConsoleApp50 |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | ConsoleApp50.exe |
Packers detected 2
| Microsoft Visual C++ vx.x DLL |
| Microsoft Visual C++ v6.0 |
Strings analysis - File found
| Text |
| http://156.245.12.57:8000/1222.txt |
| Library |
| KERNEL32.dll |
| USER32.dll |
Strings analysis - Possible IPs found 1
| 156.245.12.57 |
Strings analysis - Possible URLs found 1
| http://156.245.12.57:8000/1222.txt |