pilka.exe

First submission 2023-01-24 17:06:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 286.0 KB (292864 bytes)
Compile time: 2021-08-02 15:27:08
MD5: 31fd5d212c781814bef545716cb0e4d7
SHA1: 15dcc08cabb44ac53dea952f0a39014595d3be35
SHA256: 22e30e2eb592c22827710072d68eeff604571a8992bc7309b74e2932a9d25df2
Import Hash: e24edfc2e5005495b46610eb617a2b17
Sections 3 .text .data .rsrc
Directories 3 debug resource import
Virus Total: 27/70 VT report date: 2023-01-24 16:02:47

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://62.204.41.119/next/pilka.exe 62.204.41.119 2023-01-24 17:06:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1553a 87552 9f8de5b22e09c2dd70282db0cf62c4400000afc0 e4b428f8c963e20679739ac4d2d6a09d
.data 0x17000 0x2797190 192512 b8792d5c0d0c53ec6434d42ef6c7356367e8eebe 3ac52ae266c958caae31dc82d594b6b1
.rsrc 0x27af000 0x2ce0 11776 22e4e20d9dd4d35b3f3e67445db1a894c102f7dc 1c829727d9d81c37b4b4fb63aadc61a4

PE Resources 6

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_NEUTRAL SUBLANG_NEUTRAL 0x27b1518 2
RT_ICON LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x27b1048 1128
RT_STRING LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x27b1ab8 546
RT_GROUP_ICON LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x27b14b0 62
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x27b1520 336
None LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x27b14f0 10

Meta infos 1

Translation: 0x070e 0x0152

Packers detected 2

VC8 -> Microsoft Corporation
Microsoft Visual C++ 8

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
GDI32.dll
USER32.dll
MSIMG32.dll
WINHTTP.dll
mscoree.dll
KERNEL32.dll

Strings analysis - Possible IPs found 1

17.94.97.89

Import functions

Name Latest seen MD5
testo1.exe 2023-01-24 17:04:02 2fce6d08812059929e4c334fb8198580