ladas.exe

First submission 2024-02-08 07:03:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 2315.0 KB (2370560 bytes)
Compile time: 2024-02-01 12:29:07
MD5: 2fae8d32357ed07bf6a6b216f376f867
SHA1: 8956facf7db5e5ed90d8e59ca6c85ab615c093ba
SHA256: bcfa57783fd524107c5c47ec1fbb39a74b04c3e29dc7aac4cce19349767d0726
Import Hash : 2eabe9054cad5152567f0699947a2c5b
Sections 7 .rsrc .idata hrramooh orxchjqf .taggant
Directories 3 import resource relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.233.132.167/cost/ladas.exe 193.233.132.167 2024-02-08 07:03:03

PE Sections 5 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
0x1000 0x135000 583680 9b482c806e333f408dda170ac72bc72cb46da6b2 b34459ec73777ce3abc3b4322b7935f4
.rsrc 0x136000 0x43b0 4608 fe01452c499e36074254417c86b3734892e5c0ee dcb82509f89952c0ac7981b84d846edf
.idata 0x13b000 0x1000 512 b93c2fa40bd7226aec6cc58fbbb618ecd2ab29f1 ce7e7ba3b7e1f44d5bf269a78760122d
0x13c000 0x2cb000 512 bc0b780923e993c95c26fd7e53071325ed7b3c8b 6c6fdc1f4b3c124b24336cb2f393cbc4
hrramooh 0x407000 0x1b0000 1767424 8c32775593f702104c133e01b1875fce06a8ae51 5c13b1dbb4687c1a3c14b79307c7d739
orxchjqf 0x5b7000 0x1000 1024 f8476f19171838874134a1bbd1184b368fabe4e7 91f7658d5f74f40397589484eb34b0e1
.taggant 0x5b8000 0x3000 8704 14327498f8229511e53bee1afd59c96b95521c77 ccd80bf197736991ee29d8705f4127b7

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_RUSSIAN SUBLANG_RUSSIAN 0x5b3920 9640
RT_GROUP_ICON LANG_RUSSIAN SUBLANG_RUSSIAN 0x5b5ec8 48
RT_VERSION LANG_RUSSIAN SUBLANG_RUSSIAN 0x5b5ef8 696
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x5b6496 381

Meta infos 8

LegalCopyright: Ansgar Becker, see gpl.txt
InternalName: heidisql.exe
FileVersion: 12.6.0.6783
FileDescription: HeidiSQL 12.6.0.6783 32 Bit
Translation: 0x0409 0x04b0
ProductName: HeidiSQL
OriginalFilename: heidisql.exe
ProductVersion: 0.0.0.0

Strings analysis - File found

Text: Ansgar Becker, see gpl.txt
Library: KERNEL32.dll

Import functions

Name Latest seen MD5
dota.exe 2024-02-06 05:06:03 9e4d39ed30534cc58a95507c99370a47
amert.exe 2024-02-06 06:41:03 a3cd3871ba24037d9aba6b0b053cf34a
rega.exe 2024-02-07 02:02:02 43836f75d5662bc72af946abefe786ce
bucha.exe 2024-02-08 03:22:04 3e9650a7b961e437db222dfb746e2be9
hunta.exe 2024-02-09 12:02:02 094c7deac7308ea0c8e656efae033a64
hunta.exe 2024-02-10 13:41:02 48bd66cb49e7451cbdb078e2698a1290
micro.exe 2024-02-10 15:22:02 bfcbce795272ae853a343628bd213390
loster.exe 2024-02-11 00:01:02 62888e93e8a9b835451bd3371d4b5218