DigitalSide Threat Intel

pilka.exe

First submission 2023-01-24 17:06:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File type: 286.0 KB (292864 bytes)
Compile time: 2021-08-02 15:27:08
MD5: 31fd5d212c781814bef545716cb0e4d7
SHA1: 15dcc08cabb44ac53dea952f0a39014595d3be35
SHA256: 22e30e2eb592c22827710072d68eeff604571a8992bc7309b74e2932a9d25df2
Import Hash : e24edfc2e5005495b46610eb617a2b17
Sections 3 .text .data .rsrc
Directories 3 debug resource import
Virus Total: 27/70 VT report date: 2023-01-24 16:02:47

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://62.204.41.119/next/pilka.exe VirusTotal Report 62.204.41.119 VirusTotal Report 2023-01-24 17:06:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1553a 87552 9f8de5b22e09c2dd70282db0cf62c4400000afc0 e4b428f8c963e20679739ac4d2d6a09d
.data 0x17000 0x2797190 192512 b8792d5c0d0c53ec6434d42ef6c7356367e8eebe 3ac52ae266c958caae31dc82d594b6b1
.rsrc 0x27af000 0x2ce0 11776 22e4e20d9dd4d35b3f3e67445db1a894c102f7dc 1c829727d9d81c37b4b4fb63aadc61a4

PE Resources 6

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_NEUTRAL SUBLANG_NEUTRAL 0x27b1518 2
RT_ICON LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x27b1048 1128
RT_STRING LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x27b1ab8 546
RT_GROUP_ICON LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x27b14b0 62
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x27b1520 336
None LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x27b14f0 10

Meta infos 1

Translation: 0x070e 0x0152

Packers detected 2

VC8 -> Microsoft Corporation
Microsoft Visual C++ 8

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
GDI32.dll
USER32.dll
MSIMG32.dll
WINHTTP.dll
mscoree.dll
KERNEL32.dll

Strings analysis - Possible IPs found 1

17.94.97.89

Import functions

Function Address Souspicious Anti Debug
FindActCtxSectionStringA 0x40100c
GetCommTimeouts 0x401010
GetSystemWindowsDirectoryA 0x401014
GlobalHandle 0x401018
FindFirstVolumeMountPointW 0x40101c
CreateDirectoryExA 0x401020
ReleaseActCtx 0x401024
GetLogicalDriveStringsA 0x401028
ReadConsoleInputW 0x40102c
GetComputerNameExW 0x401030
GetTempPathW 0x401034
GetCurrentDirectoryA 0x401038
DebugBreak 0x40103c
LCMapStringW 0x401040
GetProcAddress 0x401044
GlobalAlloc 0x401048
EnumSystemLocalesA 0x40104c
CreateMutexW 0x401050
GetLastError 0x401054
LoadLibraryW 0x401058
GetCommMask 0x40105c
LocalUnlock 0x401060
GetUserDefaultLangID 0x401064
TerminateThread 0x401068
GlobalFlags 0x40106c
FileTimeToLocalFileTime 0x401070
GetConsoleAliasesLengthW 0x401074
GetVolumePathNameW 0x401078
InterlockedCompareExchange 0x40107c
SetVolumeMountPointA 0x401080
lstrcmpA 0x401084
ChangeTimerQueueTimer 0x401088
GetLocaleInfoA 0x40108c
GetComputerNameA 0x401090
lstrcpynW 0x401094
SetConsoleCtrlHandler 0x401098
CopyFileA 0x40109c
FileTimeToDosDateTime 0x4010a0
QueryDosDeviceW 0x4010a4
CreateActCtxW 0x4010a8
DeleteVolumeMountPointA 0x4010ac
MoveFileWithProgressW 0x4010b0
GetConsoleProcessList 0x4010b4
WaitForMultipleObjectsEx 0x4010b8
WritePrivateProfileStructA 0x4010bc
InterlockedExchangeAdd 0x4010c0
EnumTimeFormatsW 0x4010c4
VerifyVersionInfoW 0x4010c8
FindNextFileA 0x4010cc
GetConsoleAliasW 0x4010d0
FreeLibraryAndExitThread 0x4010d4
CreateFileA 0x4010d8
GetModuleHandleA 0x4010dc
LoadLibraryA 0x4010e0
CloseHandle 0x4010e4
MoveFileA 0x4010e8
DeleteFileA 0x4010ec
GetStartupInfoW 0x4010f0
HeapAlloc 0x4010f4
EnterCriticalSection 0x4010f8
LeaveCriticalSection 0x4010fc
SetHandleCount 0x401100
GetStdHandle 0x401104
GetFileType 0x401108
GetStartupInfoA 0x40110c
DeleteCriticalSection 0x401110
TerminateProcess 0x401114
GetCurrentProcess 0x401118
UnhandledExceptionFilter 0x40111c
SetUnhandledExceptionFilter 0x401120
IsDebuggerPresent 0x401124
GetModuleHandleW 0x401128
Sleep 0x40112c
ExitProcess 0x401130
WriteFile 0x401134
GetModuleFileNameA 0x401138
GetModuleFileNameW 0x40113c
FreeEnvironmentStringsW 0x401140
GetEnvironmentStringsW 0x401144
GetCommandLineW 0x401148
TlsGetValue 0x40114c
TlsAlloc 0x401150
TlsSetValue 0x401154
TlsFree 0x401158
InterlockedIncrement 0x40115c
SetLastError 0x401160
GetCurrentThreadId 0x401164
InterlockedDecrement 0x401168
HeapCreate 0x40116c
VirtualFree 0x401170
HeapFree 0x401174
QueryPerformanceCounter 0x401178
GetTickCount 0x40117c
GetCurrentProcessId 0x401180
GetSystemTimeAsFileTime 0x401184
GetCPInfo 0x401188
GetACP 0x40118c
GetOEMCP 0x401190
IsValidCodePage 0x401194
VirtualAlloc 0x401198
HeapReAlloc 0x40119c
SetFilePointer 0x4011a0
WideCharToMultiByte 0x4011a4
GetConsoleCP 0x4011a8
GetConsoleMode 0x4011ac
InitializeCriticalSectionAndSpinCount 0x4011b0
RtlUnwind 0x4011b4
MultiByteToWideChar 0x4011b8
LCMapStringA 0x4011bc
GetStringTypeA 0x4011c0
GetStringTypeW 0x4011c4
RaiseException 0x4011c8
FlushFileBuffers 0x4011cc
SetStdHandle 0x4011d0
WriteConsoleA 0x4011d4
GetConsoleOutputCP 0x4011d8
WriteConsoleW 0x4011dc
ReadFile 0x4011e0
HeapSize 0x4011e4
Function Address Souspicious Anti Debug
GetBrushOrgEx 0x401000
GetCharWidthA 0x401004
Function Address Souspicious Anti Debug
TransparentBlt 0x4011ec
Function Address Souspicious Anti Debug
WinHttpReadData 0x4011f4

Related files by ImpHash 1 e24edfc2e5005495b46610eb617a2b17

Name Latest seen MD5
testo1.exe 2023-01-24 17:04:02 2fce6d08812059929e4c334fb8198580