amert.exe

First submission 2024-02-04 18:21:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 2607.0 KB (2669568 bytes)
Compile time: 2024-02-04 16:51:37
MD5: 2cacce0bad26aa9301f32a1a7e2dda39
SHA1: fc2bd435311933fcf7f8bf4227c8a65a42073db9
SHA256: 8111d1cf423d5496e7c48e6177cae3ed3d83aae6097ef206f55b870de951933a
Import Hash : 0980a5bdf7b225ee6a859c0ebee6a4b5
Sections: 8 (only .rsrc and .data carry a name; the other six have an empty name field)
Data directories: 5 (import, export, resource, TLS, relocation)

File features detected

Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR

These are the labels of the checks that were run; the per-check result was rendered as an icon in the original and did not survive the text export. They are not all positive hits: "Is DLL" cannot be true of this file, since the file type above is a PE32 GUI executable, not a DLL.

URLs, FQDN and IP indicators: 1

URL                                   Host (FQDN/IP)   Date added
hXXp://109.107.182.3/mine/amert.exe   109.107.182.3    2024-02-04 18:21:02

The URL is defanged (hXXp). Its path ends in the submitted file's own name, consistent with this being the location the sample was fetched from. The host is a bare IPv4 address, not a domain, so there is no FQDN to resolve or pivot on; the IP is the indicator.

PE Sections: 8 (7 flagged suspicious in the original; the per-row flag did not survive the export)

Name       VAddress  VSize     RawSize  SHA1                                      MD5
(unnamed)  0x1000    0x4e000   144384   59a8848eb42b5346a05e48af830433d915e66c0c  ccae63d355e4dbc5f571490622c5e6cf
(unnamed)  0x4f000   0x12000   26624    6835bc05ecb42c2998b042afa988d7d6f942263a  b639abd3dbcb28cf3fee0f9683720645
(unnamed)  0x61000   0x5000    2560     24f934d06a3705977dd730aac2f70a03fd99afcd  976fe39b475e2640639fbc15ded92b2b
(unnamed)  0x66000   0x1000    0        da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
(unnamed)  0x67000   0x5000    15360    0f0c9e28f60cf3158fb397ac5cebe58ed3b04287  246d723af4bbdd76e723685c96745df1
.rsrc      0x6c000   0x1000    512      a62b64d018770bdc8b45fbf94797233806e19b27  3200db4caaaec0f175703eb0e0321803
(unnamed)  0x6d000   0x78e000  206848   b53cab32b5e013a3c7ea8ace5ef7a1ce1b82ffa3  178df82d625ad6fda40dad875a1123a9
.data      0x7fb000  0x22b000  2272256  d802bc6481f560e30c42ae7260f779d62da70ad4  109f7f392340dfcccf95d2126125d2c2

What the table itself shows:

Six of the eight sections have an empty name; compiler-produced binaries name theirs (.text, .rdata, .idata and so on).

The section at 0x66000 has a raw size of 0. Its SHA1 (da39a3ee...) and MD5 (d41d8cd9...) are the digests of empty input, so the hashes say nothing about content; the section exists only in memory.

The section at 0x6d000 occupies 0x78e000 bytes (about 7.9 MB) in memory but only 206848 bytes on disk, a ratio of roughly 38:1. The loader reserves far more memory than the file supplies, which is the shape of a region populated at runtime (unpacking or decompression into the gap).

.data holds 2272256 of the file's 2669568 bytes (85%), so the bulk of the file is data rather than code.

The sections are contiguous (each ends where the next begins) and the mapped image ends at 0xa26000, about 10 MB for a 2.6 MB file.
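The observations above can be turned into mechanical checks that run over any section table. The following is an added example written for this page, not code from the original report or from any sandbox product. The section records and the file size are copied from the tables above; the thresholds (a 4x virtual-to-raw ratio with at least 64 KB of slack) are this example's own assumptions.

```python
"""Section-table triage for the sample described in this report.

Added example: not code from the original report or from any sandbox
product. SECTIONS and FILE_SIZE are copied from the report's tables;
the thresholds below are this example's own assumptions.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str       # "" where the report shows an empty name field
    vaddr: int      # VirtualAddress (RVA of the section in memory)
    vsize: int      # VSize as reported (page-aligned in this export)
    raw_size: int   # bytes the section occupies in the file
    sha1: str       # SHA-1 of those raw bytes, as reported


# Copied from the report's section table.
SECTIONS = (
    Section("", 0x1000, 0x4e000, 144384, "59a8848eb42b5346a05e48af830433d915e66c0c"),
    Section("", 0x4f000, 0x12000, 26624, "6835bc05ecb42c2998b042afa988d7d6f942263a"),
    Section("", 0x61000, 0x5000, 2560, "24f934d06a3705977dd730aac2f70a03fd99afcd"),
    Section("", 0x66000, 0x1000, 0, "da39a3ee5e6b4b0d3255bfef95601890afd80709"),
    Section("", 0x67000, 0x5000, 15360, "0f0c9e28f60cf3158fb397ac5cebe58ed3b04287"),
    Section(".rsrc", 0x6c000, 0x1000, 512, "a62b64d018770bdc8b45fbf94797233806e19b27"),
    Section("", 0x6d000, 0x78e000, 206848, "b53cab32b5e013a3c7ea8ace5ef7a1ce1b82ffa3"),
    Section(".data", 0x7fb000, 0x22b000, 2272256, "d802bc6481f560e30c42ae7260f779d62da70ad4"),
)
FILE_SIZE = 2669568  # "File size" from the report

EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()  # digest of zero bytes


def unnamed(sections):
    """Sections with an empty name; compiler-built binaries name theirs."""
    return [s for s in sections if not s.name]


def empty_body(sections):
    """Sections with no bytes on disk whose hash is the digest of nothing:
    memory-only regions, typically filled at runtime."""
    return [s for s in sections if s.raw_size == 0 and s.sha1 == EMPTY_SHA1]


def inflated(sections, ratio=4, min_slack=0x10000):
    """Sections whose virtual size dwarfs their raw size: the loader reserves
    memory the file does not supply, the usual shape of a region unpacked at
    runtime. min_slack keeps alignment rounding of tiny sections (a 512-byte
    .rsrc padded to 0x1000) from tripping the check. Both thresholds are
    assumptions of this example."""
    return [s for s in sections
            if s.raw_size and s.vsize - s.raw_size >= min_slack
            and s.vsize / s.raw_size >= ratio]


def dominant(sections, file_size):
    """Largest section and the fraction of the file it accounts for."""
    big = max(sections, key=lambda s: s.raw_size)
    return big, big.raw_size / file_size


def image_end(sections):
    """Highest RVA the image reaches once mapped."""
    return max(s.vaddr + s.vsize for s in sections)


def layout_problems(sections):
    """Adjacent sections that overlap or leave a gap in the address space,
    a sign of edited or bogus section headers. Returns (addr, addr) pairs."""
    ordered = sorted(sections, key=lambda s: s.vaddr)
    return [(a.vaddr, b.vaddr) for a, b in zip(ordered, ordered[1:])
            if a.vaddr + a.vsize != b.vaddr]


if __name__ == "__main__":
    print("unnamed:", [hex(s.vaddr) for s in unnamed(SECTIONS)])
    print("memory-only:", [hex(s.vaddr) for s in empty_body(SECTIONS)])
    print("inflated:", [(hex(s.vaddr), round(s.vsize / s.raw_size, 1))
                        for s in inflated(SECTIONS)])
    big, share = dominant(SECTIONS, FILE_SIZE)
    print(f"largest: {big.name or '(unnamed)'} ({share:.0%} of the file)")
    print(f"image end {image_end(SECTIONS):#x}; layout problems: {layout_problems(SECTIONS)}")
```

The slack requirement matters: a pure ratio test would also flag the 2560-byte section at 0x61000 and the 512-byte .rsrc, both of which are only padded up to the 0x1000 section alignment, and the result would be noise rather than the one region that is actually 7.7 MB larger in memory than on disk.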

PE Resources: 1

Name         Language      Sublanguage         Offset   Size
RT_MANIFEST  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6c058  381

The single resource is the application manifest; its offset falls inside the .rsrc section (0x6c000 to 0x6d000), as expected.

Strings analysis - Libraries found: 10

OLEAUT32.dll
USER32.dll
WS2_32.dll
WININET.dll
GDI32.dll
KERNEL32.dll
ADVAPI32.dll
VERSION.dll
ole32.dll
SHELL32.dll

WS2_32.dll (Winsock) and WININET.dll (HTTP/FTP client APIs) give the binary network capability; ADVAPI32.dll covers registry, service and CryptoAPI functions. The DLL list shows capability, not use: which functions are actually imported decides what the sample can do.

Strings analysis - Possible URLs found: 3 (shown exactly as extracted)

http://pki-ocsp.symauth.com0
http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0

These are OCSP and CRL endpoints of the kind carried in X.509 Authority Information Access and CRL Distribution Point extensions, so they most likely come from a certificate embedded in the file (for example in an Authenticode signature) rather than from the sample's own network code; they should not be treated as contact infrastructure. The trailing "0" and "07" are consistent with the DER bytes that follow a URL inside a certificate (0x30 is the SEQUENCE tag, and a length byte of 0x37 prints as "7"), picked up because the string extractor stops at the first non-printable byte rather than at the end of the encoded value.
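The following added example (written for this page, not code from the original report or any tool it used) reproduces the residue and shows the DER-aware alternative. It builds a constructed certificate-extension fragment from the two Symantec URLs above using the real AIA and CRL Distribution Points structures, runs a strings-style URL regex over it to recover the "crl07" and "com0" endings, then walks the DER to pull the URL values out cleanly. The fragment is constructed sample input, not bytes from the sample; a zeroed authorityKeyIdentifier is included only to supply the byte that follows the OCSP URL.

```python
"""Why certificate URLs come out of `strings` with DER residue attached,
and how a TLV-aware pass avoids it.

Added example, not code from the original report. The DER fragment is
constructed here from the two URLs the report lists; the key identifier
is a zeroed placeholder.
"""
import re

OCSP_URL = b"http://pki-ocsp.symauth.com"
CRL_URL = b"http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl"


def der_len(n):
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value


def oid(dotted):
    """Minimal OBJECT IDENTIFIER encoder (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def extension(ext_oid, inner):
    """Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING }."""
    return tlv(0x30, oid(ext_oid) + tlv(0x04, inner))


# CRLDistributionPoints: [0] DistributionPointName -> [0] fullName -> [6] URI
CRLDP = extension("2.5.29.31", tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, CRL_URL))))))
# AuthorityInfoAccess: SEQUENCE OF { id-ad-ocsp, [6] URI }
AIA = extension("1.3.6.1.5.5.7.1.1",
                tlv(0x30, tlv(0x30, oid("1.3.6.1.5.5.7.48.1") + tlv(0x86, OCSP_URL))))
# AuthorityKeyIdentifier with a zeroed [0] keyIdentifier (placeholder)
AKI = extension("2.5.29.35", tlv(0x30, tlv(0x80, bytes(20))))
# Constructed sample input: an Extensions SEQUENCE, in this order so the bytes
# following each URL are 0x30 0x37 ("07") and 0x30 0x1f ("0" then a stop).
CERT_EXTENSIONS = tlv(0x30, CRLDP + AIA + AKI)

URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def naive_urls(blob):
    """What a strings/regex pass reports: it runs from 'http' to the first
    non-printable byte, so a following SEQUENCE tag (0x30 = '0') and any
    printable length byte (0x37 = '7' here) are glued onto the URL."""
    return [m.group().decode("ascii") for m in URL_RE.finditer(blob)]


def der_walk(buf):
    """Yield (tag, value) for every TLV in buf, descending into constructed
    types and into OCTET STRINGs that themselves parse as DER (extnValue is
    wrapped that way). Raises ValueError on malformed input."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:
            n = length & 0x7F
            if n == 0 or n > 4 or i + n > len(buf):
                raise ValueError("bad length encoding")
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("value overruns buffer")
        value = buf[i:i + length]
        i += length
        yield tag, value
        if tag & 0x20:                      # constructed: recurse
            yield from der_walk(value)
        elif tag == 0x04:                   # OCTET STRING: try inner DER
            try:
                inner = list(der_walk(value))
            except ValueError:
                continue
            yield from inner


def der_urls(blob):
    """GeneralName [6] uniformResourceIdentifier (0x86) and IA5String (0x16)
    values, each bounded by its own length field, so no residue."""
    return [v.decode("ascii") for t, v in der_walk(blob) if t in (0x86, 0x16)]


if __name__ == "__main__":
    print("strings-style:", naive_urls(CERT_EXTENSIONS))
    print("DER-aware:    ", der_urls(CERT_EXTENSIONS))
```

Descending into every OCTET STRING is a heuristic (an opaque blob can happen to parse as TLVs), which is acceptable for triage but not for a validating parser; the point is that the length field, not the printable run, bounds the value.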

Import functions