data64_4.exe

First submission 2022-07-31 17:18:02

File details

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File type:	2048.5 KB (2097664 bytes)
Compile time:	2022-07-29 18:40:32
MD5:	2eef072591fa615c5a3e8762076210d2
SHA1:	9d1346230f5d49439bfa5556f9cd35fc2466217b
SHA256:	4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817
Import Hash :	5163b901e63589d6b74136c9f07dbc8f
Sections 5	.text .rdata .data .rsrc .reloc
Directories 4	import resource debug relocation
Virus Total:	39/71 VT report date: 2022-07-31 02:57:23

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://malanche.com/10/data64_4.exe	malanche.com	2022-07-31 17:18:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5	Suspicious
.text	0x1000	0x125000	1199104	197db2652bfda9e57c206370dd8ac302dd20aca9	82a0f186d18e78bccc7a58a37508f019
.rdata	0x126000	0xb000	45056	b325a1e987fc32c5b61ce4c3e6b1a0ea81284fa0	499b7aab66b922b86e2f2af9006a2f20
.data	0x131000	0xe8000	851456	2d2c88698d4f96a7fee20f7fc0c219b3961a728f	0a0a2d8e1167ceedd640e0269a481840
.rsrc	0x219000	0x1000	512	3942b767ca8d9066447d8611e4a52d9c977f36e6	eecdde00ad9bedc79db90a2c3e5c66f4
.reloc	0x21a000	0x1000	512	bedcf6757325ed09fff8d3ef777a7bd5c8862ba6	ea81763ee8144b8a3b9befc1c0064f38

PE Resources 1

Name

Language

Sublanguage

Offset

Size

Data

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x219060

381

Anti debug functions 4

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
api-ms-win-crt-heap-l1-1-0.dll
KERNEL32.dll
api-ms-win-crt-stdio-l1-1-0.dll
mscoree.dll
api-ms-win-crt-runtime-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll

Import functions

api-ms-win-crt-heap-l1-1-0.dll 1 KERNEL32.dll 15 api-ms-win-crt-math-l1-1-0.dll 1 mscoree.dll 1 api-ms-win-crt-runtime-l1-1-0.dll 18 VCRUNTIME140.dll 5 api-ms-win-crt-locale-l1-1-0.dll 1 api-ms-win-crt-stdio-l1-1-0.dll 2

Function	Address	Souspicious	Anti Debug
_set_new_mode	0x526058

Function	Address	Souspicious	Anti Debug
SetUnhandledExceptionFilter	0x526000
GetProcAddress	0x526004
QueryPerformanceCounter	0x526008
GetCurrentProcessId	0x52600c
GetCurrentThreadId	0x526010
TerminateProcess	0x526014
GetCurrentProcess	0x526018
GetModuleHandleW	0x52601c
IsProcessorFeaturePresent	0x526020
GetStartupInfoW	0x526024
Sleep	0x526028
UnhandledExceptionFilter	0x52602c
IsDebuggerPresent	0x526030
InitializeSListHead	0x526034
GetSystemTimeAsFileTime	0x526038

Function	Address	Souspicious	Anti Debug
__setusermatherr	0x526068

Function	Address	Souspicious	Anti Debug
_CorExeMain	0x5260c8

Function	Address	Souspicious	Anti Debug
terminate	0x526070
_register_thread_local_exe_atexit_callback	0x526074
_controlfp_s	0x526078
_c_exit	0x52607c
_crt_atexit	0x526080
_cexit	0x526084
abort	0x526088
_exit	0x52608c
exit	0x526090
_initterm_e	0x526094
_initterm	0x526098
_get_narrow_winmain_command_line	0x52609c
_initialize_narrow_environment	0x5260a0
_configure_narrow_argv	0x5260a4
_set_app_type	0x5260a8
_seh_filter_exe	0x5260ac
_initialize_onexit_table	0x5260b0
_register_onexit_function	0x5260b4

Function	Address	Souspicious	Anti Debug
__current_exception_context	0x526040
__current_exception	0x526044
memset	0x526048
_except_handler4_common	0x52604c
__FrameUnwindFilter	0x526050

Function	Address	Souspicious	Anti Debug
_configthreadlocale	0x526060

Function	Address	Souspicious	Anti Debug
__p__commode	0x5260bc
_set_fmode	0x5260c0

Name	Latest seen	MD5
data64_4.exe	2022-08-01 05:13:03	4d8158eea8e29f4e0d9738fbbb3397ea