AwHQZ.exe

First submission 2022-08-02 19:58:01

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
File size: 160.5 KB (164352 bytes)
Compile time: 2020-05-24 15:40:22
MD5: 3564b2127c519a9e39b63f0e6994a3d1
SHA1: 158c22dea6eb92f518af7ea947e08521a904e3ad
SHA256: 09103f6536c9315c4d1cfa28a4105a2e9bd06f5c432bb62dc5a2b1d0b5902fdd
Import hash: 4563c74acbd357d386b177e402b96ce4
Sections (7): .text .data .eh_fram .bss .edata .idata .reloc
Directories (3): import export relocation
VirusTotal: 42/58 (report date: 2022-08-01 18:46:17)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://109.206.241.81/htdocs/AwHQZ.exe 109.206.241.81 2022-08-02 19:58:01

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x20578 132608 a23456cad6e9d5ec12664cc125ec774f9718b96d 099fef7ea3c54ecba263d6dbc96a6e54
.data 0x22000 0x4c7c 19968 d7645c0e3166f5292d38252ce126ad52cfa3e82a b1b4c0298278a6ae7a797f43ea24617d
.eh_fram 0x27000 0x5d8 1536 7cbb2aa42ec3891edfd7d222dbc813373dbc430f ee3526956133654d2a7c0bf23fe30087
.bss 0x28000 0x6684 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.edata 0x2f000 0x31 512 db85b84f57abdbe08ea2e1d3789512a32364933a 4fca42e2045a6ebca8ded8b2c6d69815
.idata 0x30000 0x13e8 5120 68ee458edf20788c46c4840048e2e0a4006250b7 eec5132f6de9a9eb25ac46a0cb712591
.reloc 0x32000 0xdac 3584 da29afab8d2bb1fb07210b333fa520853eb73655 ac467d2463f31d21d99a47c4563bad8a

Anti debug functions 4

GetLastError
Process32First
Process32Next
TerminateProcess

Strings analysis - File found

Text: filenames.txt
Library: USER32.dll, KERNEL32.dll, WINHTTP.dll, WS2_32.dll, ADVAPI32.dll, IPHLPAPI.DLL, Crypt32.dll, PSAPI.DLL, MSVCRT.dll, NETAPI32.dll, SHELL32.dll, GDI32.dll

Strings analysis - Possible URLs found 2

http://www.yandex.com
http://%s%s

Import functions

Name Latest seen MD5
host.exe 2021-10-29 18:41:02 21c97621d2f2374fa75d71282c566203