index.php

First submission 2023-09-17 14:53:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	254.0 KB (260096 bytes)
Compile time:	2022-12-21 06:01:59
MD5:	34d7fa01ef6b0957c927b23a165be578
SHA1:	94d4c1fc45b8b49b8f7b8bad492b6ae1fc9b7e00
SHA256:	3d590dced909090620ef7c09e5bac071e45ed9e814a6bc6e1038648929ee1474
Import Hash :	0247adcd329847ea0db225ff728b6ec9
Sections 3	.text .data .rsrc
Directories 2	import resource
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://www.cotomac.com/tmp/index.php	www.cotomac.com	2023-09-17 14:53:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x30b02	199680	f652a338c82610fa8064b53499a549470709eb3f	a9c412a31619da8fca1c710f726b64d5
.data	0x32000	0x2d05a8	16384	07f1ef89f5edb245211b77e558a220d6bb2e21b4	3fcdbe62553e0acbad69e5c6a3a4eb61
.rsrc	0x303000	0xa610	43008	d250c9df9de6832bbbec5d13d2b2c80e4102e508	c7daa9bfa9bcb83ded13ded543e54f8f

PE Resources 4

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x30c620	1128
RT_STRING	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x30d168	1188	PE Resource: RT_STRING - Data Wijumubodameh biwugFehejovo hiv limecawodHZowebojikihehe necigejohogix feper kifoxuloy tovodukowix nosupanigayuzatDRisumamofuluwi rohorulax muvatafuvafuxo noyixuheronob nase miwoheson=Sasokib ranosuwemim sefamu jehec fuvuhuceluh cevaze maxiyipiv2Midejozawudosi wadaw bovivudagupezal facekegucigabOSovox lij xovoxuhay figahowalufipam lurihisez zekehepugiruf cicixufomujuw lavef7Hifuxoto wecehomeb xela hevicovacuvic bixabinafu guceseTeve+Mexifejusezoku pat lup wogovovujubuva gowatiZepuku yuyihipisa lebosufedewoc nazagokunirin bosufe hahifobubuxej kugipu nayexiyigeyuxem wibociwafixoyeh
RT_GROUP_ICON	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x30ca88	118
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x30cb00	520

Meta infos 6

FileVersions:	8.8.87.89
InternalName:	Electricity.exe
ProductVersion:	2.70.47.63
Translation:	0x124f 0x03fc
OriginalFilename:	Hungle.exe
ProductName:	HumbleOpinion

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
SHELL32.dll
WINHTTP.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

8.8.87.89
2.70.47.63

Import functions

SHELL32.dll 1 KERNEL32.dll 108 GDI32.dll 3 USER32.dll 1 WINHTTP.dll 1

Function	Address	Souspicious	Anti Debug
DragFinish	0x4011c4

Function	Address	Souspicious	Anti Debug
ReadConsoleA	0x401010
InterlockedDecrement	0x401014
SetDefaultCommConfigW	0x401018
GetEnvironmentStringsW	0x40101c
GetProfileStringW	0x401020
GetUserDefaultLCID	0x401024
SetConsoleScreenBufferSize	0x401028
AddConsoleAliasW	0x40102c
SetVolumeMountPointW	0x401030
GetComputerNameW	0x401034
GetModuleHandleW	0x401038
GetCommConfig	0x40103c
GetConsoleAliasesLengthA	0x401040
SetFileTime	0x401044
GetCommandLineA	0x401048
GetDriveTypeA	0x40104c
GetEnvironmentStrings	0x401050
LoadLibraryW	0x401054
TerminateThread	0x401058
FatalAppExitW	0x40105c
ReadConsoleInputA	0x401060
CopyFileW	0x401064
SetConsoleCP	0x401068
EnumSystemCodePagesA	0x40106c
GetACP	0x401070
GetVolumePathNameA	0x401074
MoveFileExW	0x401078
CreateJobObjectA	0x40107c
GetPrivateProfileIntW	0x401080
FindFirstFileA	0x401084
GetLastError	0x401088
GetCurrentDirectoryW	0x40108c
SetLastError	0x401090
LoadLibraryA	0x401094
OpenMutexA	0x401098
GetProcessId	0x40109c
LocalAlloc	0x4010a0
GetFileType	0x4010a4
GetNumberFormatW	0x4010a8
RemoveDirectoryW	0x4010ac
GetModuleHandleA	0x4010b0
FreeEnvironmentStringsW	0x4010b4
EnumResourceNamesA	0x4010b8
FindNextFileW	0x4010bc
VirtualProtect	0x4010c0
GetCurrentDirectoryA	0x4010c4
EnumDateFormatsW	0x4010c8
GetShortPathNameW	0x4010cc
OpenSemaphoreW	0x4010d0
FindFirstVolumeA	0x4010d4
FindAtomW	0x4010d8
GetWindowsDirectoryW	0x4010dc
SetStdHandle	0x4010e0
WriteConsoleW	0x4010e4
GetConsoleAliasExesA	0x4010e8
FindFirstFileW	0x4010ec
GetStartupInfoW	0x4010f0
GetCommandLineW	0x4010f4
CloseHandle	0x4010f8
CreateFileW	0x4010fc
MoveFileA	0x401100
HeapFree	0x401104
HeapAlloc	0x401108
EncodePointer	0x40110c
DecodePointer	0x401110
HeapSetInformation	0x401114
HeapCreate	0x401118
GetProcAddress	0x40111c
ExitProcess	0x401120
WriteFile	0x401124
GetStdHandle	0x401128
GetModuleFileNameW	0x40112c
UnhandledExceptionFilter	0x401130
SetUnhandledExceptionFilter	0x401134
IsDebuggerPresent	0x401138
TerminateProcess	0x40113c
GetCurrentProcess	0x401140
Sleep	0x401144
HeapSize	0x401148
EnterCriticalSection	0x40114c
LeaveCriticalSection	0x401150
SetHandleCount	0x401154
InitializeCriticalSectionAndSpinCount	0x401158
DeleteCriticalSection	0x40115c
TlsAlloc	0x401160
TlsGetValue	0x401164
TlsSetValue	0x401168
TlsFree	0x40116c
InterlockedIncrement	0x401170
GetCurrentThreadId	0x401174
QueryPerformanceCounter	0x401178
GetTickCount	0x40117c
GetCurrentProcessId	0x401180
GetSystemTimeAsFileTime	0x401184
HeapReAlloc	0x401188
RtlUnwind	0x40118c
GetCPInfo	0x401190
GetOEMCP	0x401194
IsValidCodePage	0x401198
WideCharToMultiByte	0x40119c
IsProcessorFeaturePresent	0x4011a0
GetConsoleCP	0x4011a4
GetConsoleMode	0x4011a8
FlushFileBuffers	0x4011ac
LCMapStringW	0x4011b0
MultiByteToWideChar	0x4011b4
GetStringTypeW	0x4011b8
SetFilePointer	0x4011bc

Function	Address	Souspicious	Anti Debug
SelectPalette	0x401000
GetTextFaceW	0x401004
GetCharWidthA	0x401008

Function	Address	Souspicious	Anti Debug
CharUpperW	0x4011cc

Function	Address	Souspicious	Anti Debug
WinHttpGetProxyForUrl	0x4011d4