pxd.exe

First submission 2024-02-10 01:01:44

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 537503.62 KB (550403703 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 2a71e1db8b9fcb21c95562ad4830e074
SHA1: cca7f5384c77e6d0f51cf0575f8fe19e76d455a5
SHA256: 76846f4e31fd36ab01f605e26cbcfda5b9e40b865b636fc5c0cb18e476818798
Import Hash : d67ee6607bbc19dbb5da771971f8b90a
Sections (8): .text, .data, .rdata, .bss, .idata, .CRT, .tls, .rsrc
Directories (3): import, resource, tls

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                              Host (FQDN/IP)  Date Added
hXXp://37.48.88.173/gtg/pxd.exe  37.48.88.173    2024-02-10 01:01:44

PE Sections 5 suspicious

Name    VAddress  VSize       Size       SHA1                                      MD5                               Suspicious
.text   0x1000    0x99f0      39424      bde83ad134d30c5163770f7d931b20b6957a8631  aee982858c412ceb6af96d2da3068960
.data   0xb000    0x38        512        07fce524abb3318d78f58274acb436cfc4f4a8c3  402e682b5ef4cfc4b27a3bb1da4048a4
.rdata  0xc000    0x5008      20992      fe0f6d8b877d6075f16ff8dfa37e23fed597396e  8bfb0ecac1fc615c56762732a6d45dd9
.bss    0x12000   0xc698      0          da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.idata  0x1f000   0xbbc       3072       330eac1a04b4cc194c40cef5eef067f71bba4e7b  83f5ce5d9a68a49299ae90e9cd91badd
.CRT    0x20000   0x34        512        3298d3b6cfb99e83e9b140a5c660791926e486b2  a58f7b8492558123b26aaa6b66f63276
.tls    0x21000   0x20        512        a65173c76aab687aa484dd4bd12d873e95b1c0c4  88ccc80dac4bd1f9148b2513bb8c801b
.rsrc   0x22000   0x20680910  543689216  c76f2bd2f4f8b618f3b7ea558e59ecb0abddcfb7  f030e2bb782126dbe4f6074e0a7cd86a

PE Resources 14

Name               Language      Sublanguage          Offset      Size       Data
AFX_DIALOG_LAYOUT  LANG_ENGLISH  SUBLANG_ENGLISH_US   0x24330     2
REGISTRY           LANG_NEUTRAL  SUBLANG_NEUTRAL      0x243f4     1122
RT_CURSOR          LANG_ENGLISH  SUBLANG_ENGLISH_US   0x2498c     308
RT_BITMAP          LANG_ENGLISH  SUBLANG_ENGLISH_US   0x635a4     3304
RT_ICON            LANG_ENGLISH  SUBLANG_ENGLISH_US   0x136b5c    1128
RT_MENU            LANG_ENGLISH  SUBLANG_ENGLISH_US   0x136fc4    1894
RT_DIALOG          LANG_ENGLISH  SUBLANG_ENGLISH_US   0x147230    1044
RT_ACCELERATOR     LANG_DUTCH    SUBLANG_DUTCH        0x147644    16
RT_RCDATA          LANG_NEUTRAL  SUBLANG_NEUTRAL      0x103f3e84  271239213
RT_GROUP_CURSOR    LANG_ENGLISH  SUBLANG_ENGLISH_US   0x206a06c8  20
RT_GROUP_ICON      LANG_ENGLISH  SUBLANG_ENGLISH_US   0x206a0774  76
RT_VERSION         LANG_ENGLISH  SUBLANG_ENGLISH_US   0x206a07c0  980
RT_HTML            LANG_ENGLISH  SUBLANG_ENGLISH_US   0x206a0b94  7028
None               LANG_ENGLISH  SUBLANG_ENGLISH_US   0x206a28e8  40

Meta infos 11

LegalCopyright: Copyright (C) 2008-2023 Ashampoo Technology GmbH Co. KG
InternalName: Ashampoo Burning Studio FREE
FileVersion: 1.24.13.27 (7110)
CompanyName: Ashampoo
LegalTrademarks1:
LegalTrademarks2:
ProductName: Ashampoo Burning Studio FREE
ProductVersion: 1.24.13
FileDescription: Ashampoo Burning Studio FREE
Translation: 0x0409 0x04b0
OriginalFilename: burningstudio.exe

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll
openh264.dll
MSVCRT.dll
bmfcm90u.dll
bpywintypes27.dll
python27.dll
bpython27.dll
bmsvcp90.dll
bmsvcm90.dll
bMSVCR90.dll
bmfcm90.dll
bpythoncom27.dll
USER32.dll
python%02d.dll
bmfc90.dll
WS2_32.dll
bmfc90u.dll

Strings analysis - Possible IPs found 2

3.4.6.3
1.24.13.27

Strings analysis - Possible URLs found 21

http://s.symcb.com/universal-root.crl0
http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://s2.symcb.com0
https://d.symcb.com/rpa0.
http://www.mdisc.com/m-ready/
https://d.symcb.com/rpa0@
http://namespace.ashampoo-tech.com/report/1.0
http://www.symauth.com/cps0(
https://d.symcb.com/rpa0
http://s.symcd.com06
http://sv.symcd.com0&
http://www.symauth.com/rpa00
http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
http://sv.symcb.com/sv.crl0a
http://ts-ocsp.ws.symantec.com0;
http://s1.symcb.com/pca3-g5.crl0
https://d.symcb.com/cps0%
http://sv.symcb.com/sv.crt0
http://namespace.ashampoo-tech.com/report/ashampoo/1.0
http://namespace.ashampoo-tech.com/report/acdw/1.0
http://www.w3.org/TR/html4/strict.dtd

Import functions