newfile.exe

First submission 2022-07-31 16:11:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1471.0 KB (1506304 bytes)
Compile time: 1992-06-20 00:22:17
MD5: 2fc0c163292d0b4c1abd764a97d09450
SHA1: 28449ec69a8f8bc53e35520d98692d82a4b9b6ac
SHA256: 69adb502aa17ed6a7cd1b819e1edaf393a604fdccd17f8e3bfa73dd8a46e83ff
Import Hash : 4c90eb94245b983a65e2bc9930622774
Sections 8 CODE DATA BSS .idata .tls .rdata .reloc .rsrc
Directories 4 import resource tls relocation
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://62.204.41.178/newfile.exe 62.204.41.178 2022-07-31 16:11:02

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
CODE 0x1000 0x131a44 1252352 708e1ae838291c0190c59910979a33fa59864090 31af6d4c91b9362b05c91759e21a0af3
DATA 0x133000 0x3b60 15360 98c4845904e11bc0bbacf080b91c7c1464aae668 9c4474898f55fdfc77fe5cba977f5b0f
BSS 0x137000 0x10d1 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x139000 0x268a 10240 ae5edd22e6eb4ca84e80abf3722c29bc3c2edbc5 afb56a248c87f94679f08a063f138246
.tls 0x13c000 0x48 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x13d000 0x18 512 05e9d7f13d2c9f3f20b83c3319b36f2135e31ae6 07f015569f4c285cad284f8b702cf9ce
.reloc 0x13e000 0x18184 98816 172ae9401c42db26a7d0949e0cd65abcc42b8bdd 55f626ad34e3704ce1a3ccb58b599cdf
.rsrc 0x157000 0x1f400 128000 aca66e719941e3a15dd07d2325a401d71701f430 071d1f6ffe963d121915406599700c5a

PE Resources 10

Name Language Sublanguage Offset Size Data
B LANG_UKRAINIAN SUBLANG_ARABIC_LIBYA 0x157ec0 86460
RT_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x16d8e8 308
RT_BITMAP LANG_NEUTRAL SUBLANG_NEUTRAL 0x16ec50 232
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x16ed38 744
RT_DIALOG LANG_NEUTRAL SUBLANG_NEUTRAL 0x16f020 82
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x175374 852
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x175ea8 305
RT_GROUP_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x176068 20
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x17607c 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x176090 528

Meta infos 6

Translation: 0x0409 0x04b0
LegalCopyright: C opyright (c) 1999-2011 Igor Pavlov
InternalName: gyhe
ProductName: 7-Zip
OriginalFilename: 7 z.exe
ProductVersion: 9.23 alpha

Packers detected 5

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0
Borland Delphi v6.0 - v7.0
BobSoft Mini Delphi -> BoB / BobSoft

Anti debug functions 5

FindWindowA
GetLastError
GetWindowThreadProcessId
RaiseException
UnhandledExceptionFilter

Anti VM functions 1

VMCheck.dll

Strings analysis - Files found

Library
Window Text=This control requires version 4.70 or greater of COMCTL32.DLL
urlmon.dll
MAPI32.dll
WS2_32.dll
USER32.dll
UxTheme.dll
COMCTL32.dll
ole32.dll
IMM32.dll
ADVAPI32.dll
GDI32.dll
OLEAUT32.dll
idapi32.DLL
KERNEL32.dll
WINMM.dll
vcltest3.dll
xercesxmldom.dll
VERSION.dll

Strings analysis - Possible URLs found 11

http://www.w3.org/2000/10/XMLSchema
http://www.w3.org/2000/10/XMLSchema-instance
http://www.borland.com/namespaces/Types
http://
http://www.w3.org/1999/XMLSchema
http://www.w3.org/2000/xmlns/
http://www.w3.org/2001/XMLSchema
http://www.w3.org/2001/XMLSchema-instance
http://schemas.xmlsoap.org/soap/encoding/
http://www.w3.org/1999/XMLSchema-instance
http://www.w3.org/XML/1998/namespace

Import functions