67065227a0640_rrrrrrrr.exe
First submission 2024-10-12 06:24:03
File details
| File type: | PE32+ executable (GUI) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 10727.5 KB (10984960 bytes) |
| Compile time: | 2024-10-09 11:46:56 |
| MD5: | 356279b22763084935165ad080b0ae9a |
| SHA1: | 90877794babb6b77add711b1c4d422229e86cb8b |
| SHA256: | 4635a9149c53a2fbc072ceb338351d3b149e093cd43163e01d629bb016f8cd7c |
| Import Hash : | 3fac356340f08f787f93cbf317f090cd |
| Sections 10 | .text��� .rdata�� .data��� .pdata�� .00cfg�� .tls���� .text0�� .text1�� .text2�� .rsrc��� |
| Directories 3 | import resource tls |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 18/77 VT report date: 2024-10-11 07:04:05 |
| Malware Type 2 | trojan miner |
| Threat Type 1 | vmprotect |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://app.cumpar-auto-orice-tip.ro/downloads/67065227a0640_rrrrrrrr.exe  |
app.cumpar-auto-orice-tip.ro |
2024-10-12 06:24:03 |
PE Sections 9 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x8176 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rdata�� | 0xa000 | 0x1eb8 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .data��� | 0xc000 | 0xc9ea28 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .pdata�� | 0xcab000 | 0x180 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .00cfg�� | 0xcac000 | 0x10 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .tls���� | 0xcad000 | 0x10 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .text0�� | 0xcae000 | 0x2943d8 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .text1�� | 0xf43000 | 0x58 | 512 | 9882fcf223bd91ce160f080128d08eee06cc02b5 | 21966b00468a1b80a168c5b57058aae9 | |
| .text2�� | 0xf44000 | 0xa49050 | 10785280 | d3a3e1b12fe25be2a3da2d971c9fb7bd268837bd | 928d095296467e2bf5d148201426acc5 | |
| .rsrc��� | 0x198e000 | 0x304d0 | 198144 | 061814a6af0f96e9cb7e20f14a5c04015128c53c | 993881118b1eebe7146bd4d6e79c6713 |
PE Resources 3
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x19bdcf0 | 1128 | |
| RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x19be158 | 132 | |
| RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x19be1e0 | 752 |
Meta infos 9
| LegalCopyright: | Copyright 2024 Google LLC. All rights reserved. |
| ProductVersion: | 127,0,6533,89 |
| CompanyName: | Google Chrome |
| FileTitle: | chrome_exe |
| FileVersion: | 127,0,6533,89 |
| FileDescription: | Google Chrome |
| Translation: | 0x0409 0x04e4 |
| LegalTrademark: | |
| ProductName: | Google LLC |
Strings analysis - File found
| Executable |
| uf.so |
| <^.so |
| Library |
| KERNEL32.dll |
| MSVCRT.dll |
Import functions
| Name | Latest seen | MD5 |
|---|---|---|
| 66dd2c2d3b88f_opera.exe | 2024-09-28 01:17:03 | 079d166295bafa2ab44902c8bf5ff2a5 |
| 66f904cda3b3f_fusion.exe | 2024-09-29 10:21:06 | 6e1953433d891db10790aafcced19b30 |
| 66b331646d2cd_123p.exe | 2024-10-09 18:19:06 | 27b14ad026da76c1111174c6b4ba6aba |
| 66b45c742e0a1_123p.exe | 2024-10-09 18:39:03 | 488d85695b6e76307aa595f8db6a48fc |
| 66af31c75d213_123p.exe | 2024-10-09 18:40:04 | 3b24971c5fef776db7df10a769f0857a |
| 66c6efd6b6f8b_123p.exe | 2024-10-07 21:05:04 | 599d2d45fa16bd871c7f4d57533fc0a4 |
| 66c2d861a5b4d_google.exe | 2024-10-08 02:25:04 | 8447dbe44aa2ede5d56341e0dc22f319 |