EvolutInjector.exe

First submission: 2024-09-03 00:32:01
Last submission: 2024-09-03 00:33:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 76.0 KB (77824 bytes)
Compile time: 2022-09-05 21:37:06
MD5: 34563cc2fcd4e6e5b0063cbc0ffce9c1
SHA1: 325d256405aa1cb044237c05b2275342377fd6de
SHA256: bbb81a7571c503d859b2150c7741ac69b3308ad494a897d93cc0d0b371b7b5f1
Import Hash: 31c1dfad666d3014f181289ffa32ae76
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 25/79
VT report date: 2024-09-03 00:04:35
Malware Type 1 trojan

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://downloadsparrow.com/cl/EvolutInjector.exe downloadsparrow.com 2024-09-03 00:32:01

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x4481 17920 5fdc288d708657312cf94643512f6e69668ab4cb 91d972899eb53ec59da76575fb0a86db
.rdata 0x6000 0x24be 9728 83283d05b7d3841c8a28e85f01b4a8d0f46dca96 75e7557999257e4570342ea638aae4cc
.data 0x9000 0x5ac 1024 eacf27b802ae3f2f15864730269d96086334b398 13d8c2530e6090200d14095f52055dad
.rsrc 0xa000 0xb580 46592 e8475ef89dc9bee78a483f06590292fa0349bb6c ba345cb7209640c569ba63be23936980
.reloc 0x16000 0x5cc 1536 2ddae053a10264f5037b0727ab36831f307fc654 d93ff5cef50f715b39240cc6038c57e7

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_PORTUGUESE SUBLANG_PORTUGUESE_BRAZILIAN 0x14f08 1128
RT_GROUP_ICON LANG_PORTUGUESE SUBLANG_PORTUGUESE_BRAZILIAN 0x15370 132
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x153f8 392

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 8

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
NtCreateThreadEx
Process32FirstW
Process32NextW
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
Evolut.dll
KERNEL32.dll
\Evolut.dll
api-ms-win-crt-math-l1-1-0.dll
ntdll.dll
ADVAPI32.dll
api-ms-win-crt-heap-l1-1-0.dll
msvcp140.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll

Import functions