0a839761915d.exe

First submission 2024-10-11 09:39:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 580.39 KB (594320 bytes)
Compile time: 2024-10-11 09:08:50
MD5: 397ccf85427fe1a0523697e7f77f57a6
SHA1: 738eb4b35f51b5b1a89b1602a9207db1409b1700
SHA256: e5c21e6655572c8096cd0b5dbcce06fc1ca273ef0823093f9253ebc032dbcfe9
Import Hash : 123e239a3e28f0916ec222eaf58ca968
Sections (5): .text, .rdata, .data, .reloc, .rsrc
Directories (5): import, resource, debug, relocation, security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 22/77 (VT report date: 2024-10-11 09:23:09)
Malware Type 1 trojan
Threat Type 1 stealerc

URLs, FQDN and IP indicators (1)

URL                                                 Host (FQDN/IP)          Date Added
hXXp://proxy.siteterbaru.xyz/css/0a839761915d.exe   proxy.siteterbaru.xyz   2024-10-11 09:39:02

PE Sections (1 suspicious)

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x219a8  137728  b96df5402e10eec4ca48a4462087d4d1399eede1  82a5df33a99d2352543599c9ff2b76a4
.rdata  0x23000   0xa0aa   41472   71efc5ecb006c4d9807399d76ec6828fd90291c2  b0c224f6708ec4c4684659dd891c0e97
.data   0x2e000   0x5a2f4  365568  30520f8a94b666f513dd788417b6def45b30b2de  b4c3e4aa6d00e56737d541606cb2404e
.reloc  0x89000   0x1c18   7680    0e077747be3f167578689ca0e53d1c89c7799b6f  8c2a2042861ec6039c38551fabdd1d30
.rsrc   0x8b000   0x128    512     7cabd9fb6dcabff49fcae41970e9d854fe966588  280e730e6635daad14b7c44cb711eb59

PE Resources (1)

Name  Language      Sublanguage         Offset   Size  Data
MUI   LANG_ENGLISH  SUBLANG_ENGLISH_US  0x8b060  200

Packers detected (2)

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti-debug functions (6)

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5                               SHA1                                      Block size  Virtual Address
5e5176873ccfe2eac091c89f1f4d84bf  17cddeb5c426cd6a3a50e937bd0f5d487308bf31  20168       574152

Strings analysis - Files found

Library
mscoree.dll
USER32.dll
KERNEL32.dll

Strings analysis - Possible URLs found (14)

http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
http://office.microsoft.com
http://www.microsoft.com/pkiops/docs/primarycps.htm0@
http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
http://www.microsoft.com/pkiops/Docs/Repository.htm0
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
http://www.microsoft.com/PKI/docs/CPS/default.htm0@
http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l
http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a

Import functions

Name                               Latest seen          MD5
670937a58778f_LisioFirendes.exe    2024-10-12 07:16:01  de14925632f91bdb33ca3333a51c20c0