1.exe

First submission 2024-09-02 19:57:10

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1488.0 KB (1523712 bytes)
Compile time: 2021-04-30 02:40:41
MD5: 2978ce3b334332c2bf8e6c45652c599c
SHA1: d297e5a04848168db55cb7aa43ec9f68e88e3ff5
SHA256: f17af5296ff826f4199381574dccb3dcb8a5deeb811e40929f95c722ab70aeb7
Import Hash : 729ab4da9f34412c8013b3726badf296
Sections 4 .text .rdata .data .rsrc
Directories 2 import resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 54/79 VT report date: 2024-09-02 19:36:48
Malware Type 1 trojan
Threat Type 3 dump farfli killmbr

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://103.144.240.13/1.exe 103.144.240.13 2024-09-02 19:57:10

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2ba43 180224 dfa2a20bb34a14a2507dd00fcfd0212cf792c402 8acfc8086a799e4ff5b6eaa3b143504c
.rdata 0x2d000 0xb466 49152 bb1d37f9c19e13e4ced4472895a2b907c7e6471b bc5359ee8d090c4adaf8f0f0099c57cf
.data 0x39000 0x13ad28 1273856 8c4ed41ce619e78a3c5cd33dfb84e8cd318c71ee 2926f95c86a9b73353104c391d49a826
.rsrc 0x174000 0x3608 16384 016dfbd7c74af3f00265d4171b83d0e416d12ac2 eea61bca76185ddb0586a56f7638ce27

PE Resources 11

Name Language Sublanguage Offset Size Data
RT_CURSOR LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x175710 180
RT_BITMAP LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x1760e8 324
RT_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x174be8 296
RT_MENU LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x175088 308
RT_DIALOG LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x175dd8 226
RT_STRING LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x1774c8 320
RT_ACCELERATOR LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x1751c0 96
RT_GROUP_CURSOR LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x1757c8 34
RT_GROUP_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x174d10 34
RT_VERSION LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x1752f8 736
None LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x175070 24

Meta infos 10

LegalCopyright: 版权所有 (C) 2021 (Chinese: "All rights reserved (C) 2021")
InternalName: wwwdada
FileVersion: 1, 0, 0, 1
CompanyName:
ProductVersion: 1, 0, 0, 1
FileDescription: wwwdada Microsoft 基础类应用程序 (Chinese: "Microsoft Foundation Class Application")
LegalTrademarks:
Translation: 0x0804 0x04b0
OriginalFilename: wwwdada.EXE
ProductName: wwwdada 应用程序 (Chinese: "Application")

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 5

GetLastError
GetWindowThreadProcessId
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti VM indicators 1

VMCheck.dll

Strings analysis - File found

Library
ADVAPI32.dll
OLEAUT32.dll
oledlg.dll
GDI32.dll
WSOCK32.dll
USER32.dll
SHELL32.dll
COMCTL32.dll
ole32.dll
OLEPRO32.DLL
KERNEL32.dll
COMDLG32.dll

Strings analysis - Possible IPs found 1

23.224.239.91

Import functions