NOTallowedtocrypt.exe

First submission 2023-02-03 20:45:01 Last submission 2024-10-16 17:39:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 475.5 KB (486912 bytes)
Compile time: 2023-01-25 12:44:34
MD5: 2b8f487213f3da1f42779e22d7b02d1a
SHA1: 77c96429d6facbd1900290c9cbfed378103b8e01
SHA256: a4da37e92ca54c8851ad144fba875b61e2018f69bbe43b11926d8f8d831b56f0
Import Hash: b1c8f7572a6db205362528e88fd3ff32
Sections 7 .text .rdata .data .tls .gfids .rsrc .reloc
Directories 5 relocation tls debug resource import

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://raw.githubusercontent.com/mariolalo/myrec/main/NOTallowedtocrypt.exe raw.githubusercontent.com 2024-10-16 17:39:09

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x555bb 349696 bc85dc0010544a21118fed886b7d11452b609ef7 bad97c32fa916b5dae9dce88fa76c5a9
.rdata 0x57000 0x177bc 96256 280a8d96fa1ff84da4e466fd6bc259e63f9e40ec b177746f7c48d4724dcd5262d428d384
.data 0x6f000 0x5c7c 3584 8d23d50606bc47d6a7f5a433a31f5e02cbd23142 8027eead55c14c95a9766235c5ba77e1
.tls 0x75000 0x9 512 aa0d33a0c854e073439067876e932688b65cb6a9 1f354d76203061bfdd5a53dae48d5435
.gfids 0x76000 0x230 1024 72390d3ac460d0281d4d8fa9da88042e7962dc81 24739457a67b971b4cfd1f5ebe27f588
.rsrc 0x77000 0x4b88 19456 41018124779f5ab4a24f26ba066e105ea784cd33 a9f5acdfc83c65b8bbec3f6e6e8721a8
.reloc 0x7c000 0x3a98 15360 dd53f249ac9880ca44572adf99cdd23ce3bd2a89 aa565c6304aed085d427f314dcba6f51

Packers detected 2

VC8 -> Microsoft Corporation
Microsoft Visual C++ 8

Strings analysis - File found

Library
GDI32.dll
ole32.dll
urlmon.dll
gdiplus.dll
Powrprof.dll
SHELL32.dll
WININET.dll
USER32.dll
PSAPI.DLL
WS2_32.dll
ADVAPI32.dll
WINMM.dll
SHLWAPI.dll
KERNEL32.dll
ntdll.dll
mscoree.dll
Text
license_code.txt
\sysinfo.txt
Database
\key3.db

Strings analysis - Possible URLs found 1

http://geoplugin.net/json.gp

Name Latest seen MD5
ducktest.exe 2023-05-23 10:12:02 b3864b662f83cff2f63b3c29768b1823