DigitalSide Threat Intel

index1.php

First submission 2023-09-13 10:53:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 298.0 KB (305152 bytes)
Compile time: 2023-02-15 06:15:30
MD5: 2f8224fe21584d4780a10e6d3f4dd367
SHA1: 974f8cfce4a1c02225b4f715878d058c1f1883ae
SHA256: 185191bcf9c8b49ddc40877f9b3638e01cebfc2b5ba3fea77098913df72bc5eb
Import Hash : 6fba566ba00d06ca347aab1a29fbe8be
Sections 3 .text .data .rsrc
Directories 2 import resource
Virus Total: 30/70 VT report date: 2023-09-13 08:49:25

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://login-sofi.4dq.com/tmp/index1.php VirusTotal Report login-sofi.4dq.com VirusTotal Report 2023-09-13 10:53:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x20182 131584 5ca0ef479139844ffeac800904acfc5dff8c0a5e 67766be8237fbe57865d28eba4311f88
.data 0x22000 0x1ebbc6c 91648 7aa322cc1d76ac9d8cf991d1dc02b3c49f58d4e2 e8fb9f943cef0d212d3bc69f150e012a
.rsrc 0x1ede000 0x13b58 80896 6fc4e557f29a520285b5a914960542ebd4f22f84 afcee0cfb47848e0e3d8698d4d6b3f95

PE Resources 6

Name Language Sublanguage Offset Size Data
RT_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x1ef0468 2216
RT_ICON LANG_SINDHI SUBLANG_SYS_DEFAULT 0x1eeff98 1128
RT_STRING LANG_SINDHI SUBLANG_SYS_DEFAULT 0x1ef1958 512
RT_GROUP_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x1ef0d10 20
RT_GROUP_ICON LANG_SINDHI SUBLANG_SYS_DEFAULT 0x1ef0400 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x1ef0d28 632

Meta infos 8

InternalName: Superior.exe
FileVersions: 42.51.49
LegalCopyrights: Challangers bojala
CompanyName: Thunderstuck
ProductVersion: 27.5.34.0
FileDescriptions: Anybodies
Translation: 0x124e 0x043a
ProductName: Bonni

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
SHELL32.dll
USER32.dll
GDI32.dll

Import functions

Function Address Souspicious Anti Debug
LookupAccountSidW 0x401000
Function Address Souspicious Anti Debug
DragFinish 0x401210
Function Address Souspicious Anti Debug
GetDriveTypeW 0x401018
BuildCommDCBAndTimeoutsA 0x40101c
SystemTimeToTzSpecificLocalTime 0x401020
InterlockedIncrement 0x401024
MoveFileExW 0x401028
InterlockedDecrement 0x40102c
CreateJobObjectW 0x401030
SetHandleInformation 0x401034
GetProfileStringW 0x401038
SetVolumeMountPointW 0x40103c
GetComputerNameW 0x401040
FreeEnvironmentStringsA 0x401044
GetModuleHandleW 0x401048
GenerateConsoleCtrlEvent 0x40104c
GetConsoleAliasesLengthA 0x401050
GetConsoleAliasExesW 0x401054
EnumTimeFormatsA 0x401058
EnumTimeFormatsW 0x40105c
GetEnvironmentStrings 0x401060
GetConsoleCP 0x401064
GlobalAlloc 0x401068
LoadLibraryW 0x40106c
TerminateThread 0x401070
FatalAppExitW 0x401074
GetCalendarInfoW 0x401078
GetStartupInfoW 0x40107c
CreateMailslotW 0x401080
RaiseException 0x401084
GetPrivateProfileIntW 0x401088
InterlockedExchange 0x40108c
GetStartupInfoA 0x401090
SetThreadLocale 0x401094
GetLastError 0x401098
GetNumaProcessorNode 0x40109c
BackupRead 0x4010a0
PeekConsoleInputW 0x4010a4
MoveFileW 0x4010a8
EnumSystemCodePagesW 0x4010ac
LoadLibraryA 0x4010b0
OpenMutexA 0x4010b4
GetProcessId 0x4010b8
LocalAlloc 0x4010bc
GetNumberFormatW 0x4010c0
RemoveDirectoryW 0x4010c4
GlobalGetAtomNameW 0x4010c8
FindNextFileA 0x4010cc
EnumDateFormatsA 0x4010d0
GlobalUnWire 0x4010d4
GetModuleHandleA 0x4010d8
SetLocaleInfoW 0x4010dc
EnumResourceNamesA 0x4010e0
FindNextFileW 0x4010e4
VirtualProtect 0x4010e8
EnumDateFormatsW 0x4010ec
GetShortPathNameW 0x4010f0
OpenSemaphoreW 0x4010f4
FindFirstVolumeA 0x4010f8
FindAtomW 0x4010fc
FindFirstVolumeW 0x401100
GetVolumeNameForVolumeMountPointW 0x401104
DeleteFileW 0x401108
AddConsoleAliasA 0x40110c
CreateFileW 0x401110
ReadFile 0x401114
FlushFileBuffers 0x401118
GetCommandLineW 0x40111c
EnumCalendarInfoA 0x401120
FindFirstFileW 0x401124
SetDefaultCommConfigA 0x401128
GetFileSize 0x40112c
GetCurrentDirectoryW 0x401130
WriteConsoleW 0x401134
SetStdHandle 0x401138
Sleep 0x40113c
InitializeCriticalSection 0x401140
DeleteCriticalSection 0x401144
EnterCriticalSection 0x401148
LeaveCriticalSection 0x40114c
EncodePointer 0x401150
DecodePointer 0x401154
HeapFree 0x401158
HeapAlloc 0x40115c
GetProcAddress 0x401160
ExitProcess 0x401164
DeleteFileA 0x401168
HeapSetInformation 0x40116c
RtlUnwind 0x401170
UnhandledExceptionFilter 0x401174
SetUnhandledExceptionFilter 0x401178
IsDebuggerPresent 0x40117c
TerminateProcess 0x401180
GetCurrentProcess 0x401184
IsProcessorFeaturePresent 0x401188
HeapCreate 0x40118c
WriteFile 0x401190
GetStdHandle 0x401194
GetModuleFileNameW 0x401198
InitializeCriticalSectionAndSpinCount 0x40119c
TlsAlloc 0x4011a0
TlsGetValue 0x4011a4
TlsSetValue 0x4011a8
TlsFree 0x4011ac
SetLastError 0x4011b0
GetCurrentThreadId 0x4011b4
HeapSize 0x4011b8
FreeEnvironmentStringsW 0x4011bc
GetEnvironmentStringsW 0x4011c0
SetHandleCount 0x4011c4
GetFileType 0x4011c8
QueryPerformanceCounter 0x4011cc
GetTickCount 0x4011d0
GetCurrentProcessId 0x4011d4
GetSystemTimeAsFileTime 0x4011d8
GetCPInfo 0x4011dc
GetACP 0x4011e0
GetOEMCP 0x4011e4
IsValidCodePage 0x4011e8
GetStringTypeW 0x4011ec
MultiByteToWideChar 0x4011f0
SetFilePointer 0x4011f4
WideCharToMultiByte 0x4011f8
GetConsoleMode 0x4011fc
HeapReAlloc 0x401200
LCMapStringW 0x401204
CloseHandle 0x401208
Function Address Souspicious Anti Debug
GetBoundsRect 0x401008
SelectPalette 0x40100c
GetTextFaceW 0x401010
Function Address Souspicious Anti Debug
GetComboBoxInfo 0x401218
CharUpperW 0x40121c