data64_4.exe

First submission 2022-07-31 17:18:02

File details

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 2048.5 KB (2097664 bytes)
Compile time: 2022-07-29 18:40:32
MD5: 2eef072591fa615c5a3e8762076210d2
SHA1: 9d1346230f5d49439bfa5556f9cd35fc2466217b
SHA256: 4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817
Import Hash: 5163b901e63589d6b74136c9f07dbc8f
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)
VirusTotal: 39/71
VT report date: 2022-07-31 02:57:23

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://malanche.com/10/data64_4.exe malanche.com 2022-07-31 17:18:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x125000 1199104 197db2652bfda9e57c206370dd8ac302dd20aca9 82a0f186d18e78bccc7a58a37508f019
.rdata 0x126000 0xb000 45056 b325a1e987fc32c5b61ce4c3e6b1a0ea81284fa0 499b7aab66b922b86e2f2af9006a2f20
.data 0x131000 0xe8000 851456 2d2c88698d4f96a7fee20f7fc0c219b3961a728f 0a0a2d8e1167ceedd640e0269a481840
.rsrc 0x219000 0x1000 512 3942b767ca8d9066447d8611e4a52d9c977f36e6 eecdde00ad9bedc79db90a2c3e5c66f4
.reloc 0x21a000 0x1000 512 bedcf6757325ed09fff8d3ef777a7bd5c8862ba6 ea81763ee8144b8a3b9befc1c0064f38

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x219060 381

Anti debug functions 4

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
api-ms-win-crt-heap-l1-1-0.dll
KERNEL32.dll
api-ms-win-crt-stdio-l1-1-0.dll
mscoree.dll
api-ms-win-crt-runtime-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll

Import functions

Name Latest seen MD5
data64_4.exe 2022-08-01 05:13:03 4d8158eea8e29f4e0d9738fbbb3397ea