tqh64.exe

First submission 2024-09-03 17:24:01

File details

File type:      PE32 executable (GUI) Intel 80386, for MS Windows
MIME type:      application/x-dosexec
File size:      273.0 KB (279552 bytes)
Compile time:   2024-08-26 22:55:20
MD5:            2d8bfa12ffd53e578028edae844e7611
SHA1:           a0db3c316b9fc54b056ccb4cf284b90c95bfa605
SHA256:         d61d2772dc9bd808c17c2862d4be8aa61ccc6851012967e82b2f514f94ab6f97
Import hash:    9fd5b8944ce9c3acaedc650793d4996e
Sections:       4 (.text, .rdata, .data, .reloc)
Directories:    2 (import, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

Note that "Is DLL" conflicts with the PE32 executable (GUI) file type listed above; check the IMAGE_FILE_DLL bit in FileHeader.Characteristics on the sample itself before relying on either flag.

OSINT Enrichments

VirusTotal:     48/79 engines detected, VT report date 2024-09-03 17:04:27
Malware type:   1 (trojan)
Threat type:    3 (zard, mint, lumma)

URLs, FQDN and IP indicators: 1

URL                                      Host (FQDN/IP)    Date Added
hXXp://147.45.44.131/files/tqh64.exe     147.45.44.131     2024-09-03 17:24:01

PE Sections: 0 suspicious

Name     VAddress   VSize     Size     SHA1                                       MD5                                Suspicious
.text    0x1000     0x37754   227328   553a203768fd74f1685a9745e00fd1996c856e5d   6dca734ec070431aa6c5d6802c85fb53   no
.rdata   0x39000    0x2855    10752    f560416efab31697e01d42955ef83941556d0e77   5ea9f2c5be9e4d96f6ba7214a61186bc   no
.data    0x3c000    0xee0c    23040    75890910df72bc827cedf3e6ee4e9029050cdc00   ffbb377bd50b96fc22a2585279214d38   no
.reloc   0x4b000    0x4384    17408    fa377880ae22fa44159d823364cde7a200ff8eaa   7839aee1a8bc3595a7f9b42ce936b3db   no

The four raw section sizes sum to 278528 bytes, which leaves exactly 1024 bytes (0x400) of the 279552-byte file for the headers; if the first section starts at the usual 0x400 file offset there is no appended overlay. The .data section's virtual size (0xee0c) is far larger than its raw size (23040), i.e. most of it is zero-initialised at load time.
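To reproduce the per-section hashes above (and the "Is DLL" and overlay checks) on a copy of the sample, the following standard-library Python parser can be used; it is an added example, not code from the report's tooling. It reads the section table directly from the PE headers, hashes exactly the bytes each section owns on disk, flags truncated sections instead of raising, and reports any bytes after the last section as overlay. The REPORT_SECTIONS values are copied from the table above; the build_sample_pe() image is a constructed, minimal PE32 used so the script runs offline without the real file.

```python
"""Parse a PE section table, hash each section's raw bytes, and compare
the result with a report's per-section SHA1/MD5 values.

Added example for this report page; not the report's own tooling.
Pure standard library so it runs without pefile.  The PE bytes returned
by build_sample_pe() are a constructed synthetic sample, not tqh64.exe.
"""
import hashlib
import struct

IMAGE_FILE_DLL = 0x2000  # FileHeader.Characteristics bit: image is a DLL

# Per-section (SHA1, MD5) values as listed on the report page for tqh64.exe.
REPORT_SECTIONS = {
    ".text":  ("553a203768fd74f1685a9745e00fd1996c856e5d", "6dca734ec070431aa6c5d6802c85fb53"),
    ".rdata": ("f560416efab31697e01d42955ef83941556d0e77", "5ea9f2c5be9e4d96f6ba7214a61186bc"),
    ".data":  ("75890910df72bc827cedf3e6ee4e9029050cdc00", "ffbb377bd50b96fc22a2585279214d38"),
    ".reloc": ("fa377880ae22fa44159d823364cde7a200ff8eaa", "7839aee1a8bc3595a7f9b42ce936b3db"),
}


def parse_pe(data):
    """Return Characteristics, the IMAGE_FILE_DLL bit, hashed sections and overlay size."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    sec_off = coff + 20 + opt_size          # section headers follow the optional header
    sections, end_of_sections = [], 0
    for i in range(nsections):
        (name, vsize, vaddr, raw_size, raw_ptr, _r, _l, _nr, _nl,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        # Hash only the bytes the section owns on disk; SizeOfRawData == 0 means
        # uninitialised data (nothing on disk).  Clamp so a truncated file is
        # flagged rather than crashing the parser.
        available = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name, "vaddr": vaddr, "vsize": vsize,
            "raw_size": raw_size, "raw_ptr": raw_ptr,
            "truncated": len(available) < raw_size,
            "sha1": hashlib.sha1(available).hexdigest(),
            "md5": hashlib.md5(available).hexdigest(),
        })
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    return {
        "machine": machine, "timestamp": timestamp,
        "characteristics": characteristics,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "sections": sections,
        # Bytes past the last section's raw data are an appended overlay.
        "overlay": max(0, len(data) - end_of_sections),
    }


def compare_sections(parsed, expected):
    """Return (name, field, got, want) for every hash that differs from the report."""
    mismatches, by_name = [], {s["name"]: s for s in parsed["sections"]}
    for name, (sha1, md5) in expected.items():
        sec = by_name.get(name)
        if sec is None:
            mismatches.append((name, "missing", None, None))
            continue
        if sec["sha1"] != sha1:
            mismatches.append((name, "sha1", sec["sha1"], sha1))
        if sec["md5"] != md5:
            mismatches.append((name, "md5", sec["md5"], md5))
    return mismatches


def build_sample_pe():
    """Constructed minimal PE32 (not the real sample): .text holds b'abc', .data
    has a VirtualSize but no raw data, and four overlay bytes follow the image."""
    e_lfanew, opt_size = 0x40, 224          # 224 = standard PE32 optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Characteristics 0x0102 = EXECUTABLE_IMAGE | 32BIT_MACHINE, IMAGE_FILE_DLL clear.
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x66CD1B88, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # Magic = PE32
    headers_len = len(dos) + 4 + 20 + opt_size + 40 * 2
    text_ptr = (headers_len + 0x1FF) & ~0x1FF                  # 512-byte file alignment
    text = struct.pack("<8sIIIIIIHHI", b".text", 3, 0x1000, 3, text_ptr, 0, 0, 0, 0, 0x60000020)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x1000, 0x2000, 0, 0, 0, 0, 0, 0, 0xC0000080)
    img = dos + b"PE\0\0" + coff + opt + text + data
    return img + b"\0" * (text_ptr - len(img)) + b"abc" + b"OVLY"


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    pe = parse_pe(blob)
    print(f"is_dll={pe['is_dll']} overlay={pe['overlay']} bytes")
    for s in pe["sections"]:
        print(f"{s['name']:8} {s['vaddr']:#08x} {s['raw_size']:8} {s['sha1']} {s['md5']}"
              + ("  TRUNCATED" if s["truncated"] else ""))
    for m in compare_sections(pe, REPORT_SECTIONS):
        print("mismatch:", m)
```

Run it with the sample path as the only argument to check the real file against the table; with no argument it parses the constructed image, which (by design) does not match REPORT_SECTIONS, so every row is printed as a mismatch.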

Strings analysis - libraries found in the file

Library
ole32.dll
GDI32.dll
USER32.dll
OLEAUT32.dll
KERNEL32.dll

Related files (the report lists these under "Import functions", but they are other executables with their own MD5s, not imported API names)

Name       Latest seen            MD5
u888.exe   2024-08-29 08:16:02    f4d6d6ea62cb666b6fee9d00bdb77350
yr68.exe   2024-08-31 16:12:02    ea321922de9babb9a9b8e25bed931ff6
ywp.exe    2024-09-04 21:43:02    6a9213568bc6a19895240ff14fd57329