dwinstall.exe

First submission 2024-09-28 18:37:49

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 6615.15 KB (6773912 bytes)
Compile time: 1970-01-01 01:00:00 (Unix epoch zero, i.e. the PE timestamp field is zeroed rather than a real build time)
MD5: 382d8a9708f98439d3c296793d63678b
SHA1: 5f90f54af337a01024a304f408fad2f0de3e1c1e
SHA256: 9178744797c11ca97840d5cf988b386f717fc5bedd19c125c0bff3d3e00e7816
Import hash: 6ed4f5f04d62b18d96b26d6db7c18840
Sections (3): UPX0, UPX1, .rsrc
Directories (3): import, resource, security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 37/77 (report date 2024-09-17 07:49:37)
Malware type (2): trojan, pua
Threat type (3): agentb, malgent, dzcps

URLs, FQDN and IP indicators 1

URL: hXXp://36.249.46.240:8765/dwinstall.exe
Host (FQDN/IP): 36.249.46.240
Date added: 2024-09-28 18:37:49

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
UPX0 0x1000 0x646000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x647000 0x666000 6709248 32d4e197b060284ec22492d96cff3e8a84852121 bf67d589349aa5e0967c73c5549808e4
.rsrc 0xcad000 0x9000 36352 df08d6e64d9ccb0c69b5a8df4956a860e05fe950 443020ca25e4b1445af7999a00625a64

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xcb1644 16936
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xcb5870 76
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0xcb58c0 592
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xcb5b14 430

Meta infos 7

LegalCopyright: Copyright (c) 2024 DefensX
InternalName: DefensX安装工具 (DefensX installation tool)
FileVersion: 2024.7.4.1131
CompanyName: 湖北盾网网络科技有限公司 (Hubei Dunwang Network Technology Co., Ltd.)
Translation: 0x0804 0x04b0
FileDescription: DefensX安装工具 (DefensX installation tool)
Comments: DefensX

File signature

MD5 SHA1 Block size Virtual Address
1bb7294b1314e4ef8af4906d76ebb80d ff5843a3d416246fa21d6553fdb2752a4244ef86 27800 6746112

Strings analysis - File found

Data
me.Dat
Database
$G.db
Library
KERNEL32.dll

Strings analysis - Possible IPs found 1

2.5.4.3 (likely the X.509 commonName OID from the embedded code-signing certificate, not a network address)

Strings analysis - Possible URLs found 19

http://crl.globalsign.com/root-r6.crl0G
http://ocsp.globalsign.com/codesigningrootr450F
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
https://www.globalsign.com/repository/0
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.globalsign.com/rootr103
http://crl.globalsign.com/root-r3.crl0G
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://ocsp.globalsign.com/rootr30;
http://ocsp2.globalsign.com/rootr606
https://www.dwhips.com0
http://secure.globalsign.com/cacert/root-r3.crt06
http://crl.globalsign.com/codesigningrootr45.crl0U
http://w
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://crl.globalsign.com/root.crl0G
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0

Import functions

Name Latest seen MD5
BnWxM.exe 2022-08-02 21:31:02 44e041dc2e445fcd33cc89b8453d0539
FkSyDHJGjzKRHTp.exe 2022-08-28 12:59:02 21f894391eaac76010275132312ac5c8
1533572208.exe 2022-09-26 07:48:02 809b9513cecea98e925419a39a6244a2
smbscanlocal-6e08d39fe99ad508d7e0c7aed19ececd.exe 2022-10-15 05:08:04 6e08d39fe99ad508d7e0c7aed19ececd
softv2.exe 2022-10-21 04:31:04 624d887c50cd38398904002ffcbc732a
chrome10_.eff 2022-11-01 07:56:05 73b9004ff373f3b7b2f595541deb5a02
win8def.exe 2022-11-03 21:45:08 99fa3cf292e4c3534951b6ebd96a6802
win.exe 2023-01-20 20:32:40 eb61b390ea1d6a48148fc1d368ce0bb4
wupxarch-6162-dcb505dc2b9d8aac05f4ca0727f5eadb.exe 2023-02-26 08:37:02 dcb505dc2b9d8aac05f4ca0727f5eadb
clip.exe 2023-03-22 17:37:04 8d3942d2bfaf962a1177aee8d08ca079
huilang.exe 2023-03-24 03:15:05 f1ec2cf6256a7c8543586065a07da47a
w-9.exe 2023-06-05 07:27:02 2dbc44aae677e2661475da5b2a3aac2e
wr.exe 2024-05-22 12:53:02 e2a072228078e6f3cf5073f4af029913
fscan.exe 2024-05-29 14:55:03 cf903e4a1629aa0582fd0363b5786676
[win 2024-07-07 17:45:17 e42a8e96e08ce2e22fade2309798e4ad
sevchost.exe 2024-06-06 09:33:08 ce8a92812da2af7e020a136c9ffeb656
test.exe 2024-06-14 16:55:18 71687e0babe1e0575c7471b0e696e9d3
win.exe 2024-06-17 18:51:06 9b79217f96ca501755c420141029fb56
tool.exe 2024-07-07 15:24:22 34c704347497551c5593eeabebb7b6ce
1.exe 2024-07-07 15:26:04 ed44c98c40576ef50f6abcf6e40c71d7
win 2024-07-07 15:34:05 620f02a61ac141dd1cedb8750bb9d288
check.exe 2024-07-07 15:56:24 f5402c009b189b8558e0d8ca5542d5df
windows_update.exe 2024-07-07 16:01:04 14129aa32bbd6bf03d3cde8837119e2a
win.exe 2024-07-07 19:46:04 36dcf115331160b2f88e83e5b8d07036
regedit.exe 2024-07-07 17:04:09 35de9800099c79c9f3e197b01f3ce9ab
win.exe 2024-07-07 19:43:27 351c0fca05d6d3808ff61b30ace8680a
win 2024-07-07 19:49:25 8077ae512e46e4b90cce77649b4a0329
shell 2024-07-07 19:50:13 7f4c6117939347448b3312f326f1c26b
shell 2024-07-07 20:07:00 4a4821089d05159eb3bb0b99f3a6992e
win 2024-07-07 20:07:24 8caac258a7b7088223c93cdf8433a815
shell 2024-07-07 20:09:21 d95db9b54b09b369477a463e8318a84b
sync.exe 2024-07-09 00:02:09 69bf43760932bcccc3f1d58edc80bef9
cab.exe 2024-07-09 00:04:13 5aefab6d98b943df267e28b42b5871e0
svchost.exe 2024-07-09 00:06:10 cb146d2042ae0df2c95f3afde7256583
svhost.exe 2024-07-09 00:09:18 745fb7d63f32eb616ec46b61792f39b0
test.exe 2024-07-09 00:10:10 d19291fc64d40d67755f8a66e43200a3
sss.exe 2024-07-09 00:28:33 132311fd6b3d449f231b680640544b1b
cc 2024-07-09 00:30:13 f84d08aa136cff60ce8e8c45202190af
windows 2024-08-25 12:42:48 131c92ac224f1026e1660ed1aa7d2e9b
win.exe 2024-08-25 13:51:23 48dfda3eff897f0a62f71bbac51ff237
Crack.exe 2024-08-25 15:21:22 7dad2c4407957ac063b27b5dbbe8e596
66e579d0cbf2d_win.exe 2024-10-03 14:22:04 049d2f0e9e03c057d906287c2003331b
66fad551bd8fd_edgeupdater.exe 2024-09-30 20:48:03 205eba033c31a42d83971958eee8d0eb