lux32.exe

First submission 2024-02-04 18:30:04

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 253.5 KB (259584 bytes)
Compile time: 2022-05-02 13:51:30
MD5: 2d129049627290cb0ece76e92a8643aa
SHA1: 76779a324788828ea6d29ce5e80231619265f35d
SHA256: abeb00c6a877097766ce2bad337df885f7a1e2e12a170fe3830e3b806e9b81d8
Import Hash: 9d7ac77a44667ba5186f7bb12dfd9d42
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                              Host (FQDN/IP)  Date Added
hXXp://175.24.197.196/lux32.exe  175.24.197.196  2024-02-04 18:30:04

PE Sections 0 suspicious

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x292e6  168960  4a577fc59542a34c6654f2f14c6d1cd240e7eef0  1eafc4753d54461bad142c5864d0ecab
.rdata  0x2b000   0xb028   45568   07064a46e21e88950c57cacae23818e0a05482b1  e77bda15c7c1e264db0eea35982855a0
.data   0x37000   0xa098   20992   fed20a8b2fb4478054388df90d65123c36be6e96  267142011a1d8e775130f84c8ea3c725
.rsrc   0x42000   0x1b4    512     6e6ab1ba61890c5eb16207bfa2699ffbd56f8654  131ab96a76e30692c2b8b447f8a78161
.reloc  0x43000   0x57dc   22528   d4b9528b0668d5b24b01734065690a8dbf99046f  b69554faf4fbb3d20609286dfa1e3e72

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x42058 346

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

FindWindowA
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
SHELL32.dll
ntdll.dll
WUSER32.DLL
ADVAPI32.dll
okernel32.dll
KERNEL32.dll
WININET.dll
mscoree.dll
NETAPI32.dll
SHLWAPI.dll
WINMM.dll
OLEAUT32.dll
WS2_32.dll
USER32.dll
DINPUT8.dll
ole32.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Import functions

Name Latest seen MD5
32.exe 2024-02-04 18:29:07 9f0408f176f9f9d3095be30eaf39f08f