tqh64.exe
First submission 2024-09-03 17:24:01
File details
File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 273.0 KB (279552 bytes) |
Compile time: | 2024-08-26 22:55:20 |
MD5: | 2d8bfa12ffd53e578028edae844e7611 |
SHA1: | a0db3c316b9fc54b056ccb4cf284b90c95bfa605 |
SHA256: | d61d2772dc9bd808c17c2862d4be8aa61ccc6851012967e82b2f514f94ab6f97 |
Import Hash: | 9fd5b8944ce9c3acaedc650793d4996e |
Sections 4 | .text .rdata .data .reloc |
Directories 2 | import relocation |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
VirusTotal: | 48/79 (VT report date: 2024-09-03 17:04:27) |
Malware Type 1 | trojan |
Threat Type 3 | zard mint lumma |
URLs, FQDN and IP indicators 1
PE Sections 0 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x37754 | 227328 | 553a203768fd74f1685a9745e00fd1996c856e5d | 6dca734ec070431aa6c5d6802c85fb53 | |
.rdata | 0x39000 | 0x2855 | 10752 | f560416efab31697e01d42955ef83941556d0e77 | 5ea9f2c5be9e4d96f6ba7214a61186bc | |
.data | 0x3c000 | 0xee0c | 23040 | 75890910df72bc827cedf3e6ee4e9029050cdc00 | ffbb377bd50b96fc22a2585279214d38 | |
.reloc | 0x4b000 | 0x4384 | 17408 | fa377880ae22fa44159d823364cde7a200ff8eaa | 7839aee1a8bc3595a7f9b42ce936b3db | |
Strings analysis - File found
Library |
ole32.dll |
GDI32.dll |
USER32.dll |
OLEAUT32.dll |
KERNEL32.dll |
Import functions
Name | Latest seen | MD5 |
---|---|---|
u888.exe | 2024-08-29 08:16:02 | f4d6d6ea62cb666b6fee9d00bdb77350 |
yr68.exe | 2024-08-31 16:12:02 | ea321922de9babb9a9b8e25bed931ff6 |
ywp.exe | 2024-09-04 21:43:02 | 6a9213568bc6a19895240ff14fd57329 |