build.exe

First submission 2023-09-14 12:51:03

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	315.0 KB (322560 bytes)
Compile time:	2023-09-13 20:50:00
MD5:	2edc8c65202a68d10cb4d775ba91ed1b
SHA1:	5cee7ed20e4d49778c8a7ec88f9b24c395fd7f97
SHA256:	e0f76fec46d5a367fdec67bfef123cb3ab7c6d7edf2efd14ba4c9b635dc6e34b
Import Hash :	f2222f0f215a06acc111aee4e181dfd8
Sections 4	.text .rdata .data .reloc
Directories 2	import relocation
Virus Total:	33/71 VT report date: 2023-09-14 10:34:11

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://mx1.gnarquitectos.online/build.exe	mx1.gnarquitectos.online	2023-09-14 12:51:03

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x37b73	228352	80ee5dc8c3dd44d3171cdce3c7a36401bcf0f564	6fad80c4bb621e41e60e09949886bf35
.rdata	0x39000	0xf8fe	64000	d5c276488641fa3180ff0394e0961bec2f10a9fb	c751c1d7755a2e14e53a1f0f7bd6872c
.data	0x49000	0x15284	7168	10fdfc776025f6d181447c893fa4ae6b63fb4eb7	7b9207dfdf9a812831dadd5e6e507c65
.reloc	0x5f000	0x552e	22016	f1a2fb4c33ff2caad8e0e507b8b5369991bf44b3	7369bbac710872699fd6d9b4e4b19862

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Compressed
htdocs.zip
update.zip
Linker File
*.lnk
Text
\Downloads\%s_%s.txt
\CC\%s_%s.txt
\Autofill\%s_%s.txt
\History\%s_%s.txt
Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
freebl3.dll
OLEAUT32.dll
msvcp140.dll
nss3.dll
mozglue.dll
ole32.dll
RstrtMgr.dll
softokn3.dll
vcruntime140.dll

Strings analysis - Possible URLs found 4

https://t.me/bonoboaz
https://steamcommunity.com/profiles/76561199550790047
http://
https://

Import functions

KERNEL32.dll 86 ole32.dll 4 OLEAUT32.dll 4

Function	Address	Souspicious	Anti Debug
Sleep	0x439000
GetSystemInfo	0x439004
FlsAlloc	0x439008
LocalAlloc	0x43900c
lstrlenW	0x439010
lstrcatW	0x439014
HeapAlloc	0x439018
GetProcessHeap	0x43901c
GetProcAddress	0x439020
GetCurrentProcess	0x439024
VirtualProtect	0x439028
GetLogicalProcessorInformationEx	0x43902c
lstrlenA	0x439030
CloseHandle	0x439034
FindNextFileW	0x439038
FindFirstFileW	0x43903c
SetEndOfFile	0x439040
LoadLibraryA	0x439044
ExitProcess	0x439048
CreateFileW	0x43904c
CreateFileA	0x439050
SetStdHandle	0x439054
WriteConsoleW	0x439058
LoadLibraryW	0x43905c
IsValidLocale	0x439060
EnumSystemLocalesA	0x439064
GetLocaleInfoA	0x439068
GetUserDefaultLCID	0x43906c
HeapReAlloc	0x439070
GetLocaleInfoW	0x439074
InterlockedIncrement	0x439078
InterlockedDecrement	0x43907c
WideCharToMultiByte	0x439080
InterlockedExchange	0x439084
InitializeCriticalSection	0x439088
DeleteCriticalSection	0x43908c
EnterCriticalSection	0x439090
LeaveCriticalSection	0x439094
EncodePointer	0x439098
DecodePointer	0x43909c
MultiByteToWideChar	0x4390a0
GetLastError	0x4390a4
HeapFree	0x4390a8
RaiseException	0x4390ac
RtlUnwind	0x4390b0
GetSystemTimeAsFileTime	0x4390b4
GetCommandLineA	0x4390b8
HeapSetInformation	0x4390bc
GetStartupInfoW	0x4390c0
LCMapStringW	0x4390c4
GetCPInfo	0x4390c8
IsProcessorFeaturePresent	0x4390cc
TerminateProcess	0x4390d0
UnhandledExceptionFilter	0x4390d4
SetUnhandledExceptionFilter	0x4390d8
IsDebuggerPresent	0x4390dc
GetModuleHandleW	0x4390e0
WriteFile	0x4390e4
GetStdHandle	0x4390e8
GetModuleFileNameW	0x4390ec
HeapCreate	0x4390f0
TlsAlloc	0x4390f4
TlsGetValue	0x4390f8
TlsSetValue	0x4390fc
TlsFree	0x439100
SetLastError	0x439104
GetCurrentThreadId	0x439108
GetACP	0x43910c
GetOEMCP	0x439110
IsValidCodePage	0x439114
HeapSize	0x439118
SetHandleCount	0x43911c
InitializeCriticalSectionAndSpinCount	0x439120
GetFileType	0x439124
GetConsoleCP	0x439128
GetConsoleMode	0x43912c
FlushFileBuffers	0x439130
ReadFile	0x439134
SetFilePointer	0x439138
GetModuleFileNameA	0x43913c
FreeEnvironmentStringsW	0x439140
GetEnvironmentStringsW	0x439144
QueryPerformanceCounter	0x439148
GetTickCount	0x43914c
GetCurrentProcessId	0x439150
GetStringTypeW	0x439154

Function	Address	Souspicious	Anti Debug
CoCreateInstance	0x439170
CoInitializeSecurity	0x439174
CoInitializeEx	0x439178
CoSetProxyBlanket	0x43917c

Function	Address	Souspicious	Anti Debug
SysFreeString	0x43915c
VariantClear	0x439160
VariantInit	0x439164
SysAllocString	0x439168