1.exe
First submission 2024-09-02 19:57:10
File details

Field | Value
---|---
File type | PE32 executable (GUI) Intel 80386, for MS Windows
Mime type | application/x-dosexec
File size | 1488.0 KB (1523712 bytes)
Compile time | 2021-04-30 02:40:41
MD5 | 2978ce3b334332c2bf8e6c45652c599c
SHA1 | d297e5a04848168db55cb7aa43ec9f68e88e3ff5
SHA256 | f17af5296ff826f4199381574dccb3dcb8a5deeb811e40929f95c722ab70aeb7
Import Hash | 729ab4da9f34412c8013b3726badf296
Sections (4) | .text .rdata .data .rsrc
Directories (2) | import resource
File features detected
Signed
XOR
OSINT Enrichments

Source | Value
---|---
Virus Total | 54/79 (VT report date: 2024-09-02 19:36:48)
Malware Type (1) | trojan
Threat Type (3) | dump farfli killmbr
URLs, FQDN and IP indicators 1
PE Sections 1 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x2ba43 | 180224 | dfa2a20bb34a14a2507dd00fcfd0212cf792c402 | 8acfc8086a799e4ff5b6eaa3b143504c | |
.rdata | 0x2d000 | 0xb466 | 49152 | bb1d37f9c19e13e4ced4472895a2b907c7e6471b | bc5359ee8d090c4adaf8f0f0099c57cf | |
.data | 0x39000 | 0x13ad28 | 1273856 | 8c4ed41ce619e78a3c5cd33dfb84e8cd318c71ee | 2926f95c86a9b73353104c391d49a826 | |
.rsrc | 0x174000 | 0x3608 | 16384 | 016dfbd7c74af3f00265d4171b83d0e416d12ac2 | eea61bca76185ddb0586a56f7638ce27 | |
PE Resources 11
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_CURSOR | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x175710 | 180 | |
RT_BITMAP | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x1760e8 | 324 | |
RT_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x174be8 | 296 | |
RT_MENU | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x175088 | 308 | |
RT_DIALOG | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x175dd8 | 226 | |
RT_STRING | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x1774c8 | 320 | |
RT_ACCELERATOR | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x1751c0 | 96 | |
RT_GROUP_CURSOR | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x1757c8 | 34 | |
RT_GROUP_ICON | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x174d10 | 34 | |
RT_VERSION | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x1752f8 | 736 | |
None | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0x175070 | 24 | |
Meta infos 10

Field | Value
---|---
LegalCopyright | 版权所有 (C) 2021
InternalName | wwwdada
FileVersion | 1, 0, 0, 1
CompanyName | 
ProductVersion | 1, 0, 0, 1
FileDescription | wwwdada Microsoft 基础类应用程序
LegalTrademarks | 
Translation | 0x0804 0x04b0
OriginalFilename | wwwdada.EXE
ProductName | wwwdada 应用程序
Packers detected 3
Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++
Anti debug functions 5
GetLastError
GetWindowThreadProcessId
RaiseException
TerminateProcess
UnhandledExceptionFilter
Anti debug functions 1
VMCheck.dll
Strings analysis - File found
Library
ADVAPI32.dll
OLEAUT32.dll
oledlg.dll
GDI32.dll
WSOCK32.dll
USER32.dll
SHELL32.dll
COMCTL32.dll
ole32.dll
OLEPRO32.DLL
KERNEL32.dll
COMDLG32.dll
Strings analysis - Possible IPs found 1
23.224.239.91