Earco8.exe

First submission 2024-02-07 16:22:04

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 649.0 KB (664576 bytes)
Compile time: 2023-03-14 14:41:29
MD5: 35ffefa212414c2538df410e5ad3afa7
SHA1: e7721fbb85e400c74c7f4de95f1c27b6318caabd
SHA256: 9217999518147c602f16ed7d80c9b95dec621f442192ce49192736a27e73847f
Import Hash: 62d46ff31d47f63978e2d51da092dc3a
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 3 (import, resource, debug)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://receitasdepascoa.com/Earco8.exe receitasdepascoa.com 2024-02-07 16:22:04

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x8d486 579072 15850eb306470a964ad76a56f92c31b8988d6dbe fa98f3b6eb8865a98bc5e9b47cf2dee9
.rdata 0x8f000 0x5280 21504 4ad72d2785dce35f36324372825f469bdbae1ad0 750dd2734bc89fcb9964d7a86a54aa8b
.data 0x95000 0x12528 20992 3d8c8433f62a85463eac32a4c9304a2b2b97440d 1bedb501c6b1666a52ded654e0b212b5
.rsrc 0xa8000 0x1f248 41984 b3dac52ea7651c8cb44e37906fde306e5484ba0f 9784a68008f12b3bd4f9018ac4d6b5a4

PE Resources 7

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_NEUTRAL SUBLANG_NEUTRAL 0xb0430 14
TAJONULE LANG_ROMANIAN SUBLANG_ROMANIAN 0xae5b0 7729
RT_ICON LANG_ROMANIAN SUBLANG_ROMANIAN 0xae0e0 1128
RT_STRING LANG_ROMANIAN SUBLANG_ROMANIAN 0xb1e70 978
RT_ACCELERATOR LANG_ROMANIAN SUBLANG_ROMANIAN 0xb03e8 72
RT_GROUP_ICON LANG_ROMANIAN SUBLANG_ROMANIAN 0xae548 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0xb0440 496

Meta infos 6

FileVersion: 1.24.72.42
FileDescription: Black
Translation: 0x0407 0x0672
ProductName: Mustifest
OriginalFilename: Wonder
ProductVersion: 94.56.64.72

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
MSIMG32.dll
WINHTTP.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

94.56.64.72
1.24.72.42

Import functions

Name Latest seen MD5
current.exe 2024-02-07 23:41:02 2640c96c0be54c6f5b1880bdde2d0c92